Home > Vulnerability Database > CVE-2025-54471

Mend.io Vulnerability Database

CVE-2025-54471

Good to know:

Date: October 30, 2025

NeuVector used a hard-coded cryptographic key embedded in the source code. At compilation time, the key value was replaced with the secret key value and used to encrypt sensitive configurations when NeuVector stores the data.

Severity Score

6.5

Related Resources (6)

Url: https://bugzilla.suse.com/show_bug.cgi?id=CVE-2025-54471

Url: https://github.com/neuvector/neuvector

Url: https://nvd.nist.gov/vuln/detail/CVE-2025-54471

Url: https://github.com/neuvector/neuvector/commit/084a437033b491eeea11bdba1a09dd84ed12ea88

Url: https://github.com/neuvector/neuvector/security/advisories/GHSA-h773-7gf7-9m2x

Url: https://www.mend.io/vulnerability-database/CVE-2025-54471

Severity Score

6.5

Weakness Type (CWE)

Use of Hard-coded Cryptographic Key

CWE-321

Top Fix

Upgrade Version

Upgrade to version github.com/neuvector/neuvector - v5.4.7;github.com/neuvector/neuvector - v0.0.0-20251020133207-084a437033b4

Learn More

CVSS v3.1

Base Score:	6.5
Attack Vector (AV):	NETWORK
Attack Complexity (AC):	LOW
Privileges Required (PR):	LOW
User Interaction (UI):	NONE
Scope (S):	UNCHANGED
Confidentiality (C):	HIGH
Integrity (I):	NONE
Availability (A):	NONE

Mend.io Vulnerability Database

We found results for “”

CVE-2025-54471

Good to know:

Date: October 30, 2025

Severity Score

Related Resources (6)

Severity Score

Weakness Type (CWE)

Top Fix

Upgrade Version

CVSS v3.1

Do you need more information?