CVE-2025-54471

CWE-321 | 5 documents | 4 sources
Severity: 6.5 MEDIUM
EPSS: 0.0% (top 87.51%)
CISA KEV: Not in KEV
Exploit: No known exploits
Timeline
Published Oct 30

Description

NeuVector used a hard-coded cryptographic key embedded in the source code. At compilation time, the key value was replaced with the secret key value and used to encrypt sensitive configurations when NeuVector stores the data.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
Exploitability: 2.8 | Impact: 3.6

Affected Packages (2 packages)

CVEListV5 | suse/neuvector | 5.3.0 | 5.4.7+1
Go | github.com/neuvector/neuvector | 5.3.0 | 5.4.7+1

Vulnerability Details (4)

CVEList: NeuVector is shipping cryptographic material into its binary (2025-10-30)
OSV: NeuVector is shipping cryptographic material into its binary in github.com/neuvector/neuvector (2025-10-30)
OSV: NeuVector is shipping cryptographic material into its binary (2025-10-21)
GHSA: NeuVector is shipping cryptographic material into its binary (2025-10-21)