CVE-2025-8077

CWE-1393 | 5 documents | 4 sources
Severity: 9.8 CRITICAL
EPSS: 0.1% (top 69.40%)
CISA KEV: Not in KEV
Exploit: No known exploits
Timeline: Published Sep 17

Description

A vulnerability exists in NeuVector versions up to and including 5.4.5, where a fixed string is used as the default password for the built-in `admin` account. If this password is not changed immediately after deployment, any workload with network access within the cluster could use the default credentials to obtain an authentication token. This token can then be used to perform any operation via NeuVector APIs.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Exploitability: 3.9 | Impact: 5.9

Affected Packages (2 packages)

CVEListV5 | suse/neuvector | 5.0.0 | 5.4.6
Go | github.com/neuvector/neuvector | 5.0.0 | 5.4.6

Vulnerability Details (4)

CVEList: NeuVector admin account has insecure default password (2025-09-17)
OSV: NeuVector admin account has insecure default password in github.com/neuvector/neuvector (2025-09-08)
GHSA: NeuVector admin account has insecure default password (2025-08-28)
OSV: NeuVector admin account has insecure default password (2025-08-28)