CVE-2025-53884 — Use of a One-Way Hash without a Salt in Neuvector

CWE-759 — Use of a One-Way Hash without a Salt CWE-916 — Use of Password Hash With Insufficient Computational Effort5 documents4 sources

Severity

5.3MEDIUMNVD

EPSS

0.0%

top 93.69%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Suse Neuvector Github.com Neuvector Neuvector

Timeline

PublishedSep 17

Description

NeuVector stores user passwords and API keys using a simple, unsalted hash. This method is vulnerable to rainbow table attack (offline attack where hashes of known passwords are precomputed).

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:NExploitability: 3.9 | Impact: 1.4

Affected Packages2 packages

▶CVEListV5suse/neuvector5.0.0 — 5.4.6

▶Gogithub.com/neuvector_neuvector5.0.0 — 5.4.6

🔴Vulnerability Details

CVEList

NeuVector has an insecure password storage vulnerable to rainbow attack↗2025-09-17

▶

OSV

NeuVector has an insecure password storage vulnerable to rainbow attack in github.com/neuvector/neuvector↗2025-09-08

▶

OSV

NeuVector has an insecure password storage vulnerable to rainbow attack↗2025-08-28

▶

GHSA

NeuVector has an insecure password storage vulnerable to rainbow attack↗2025-08-28

▶