Telemetry Data Transmission Flaw in NeuVector by NeuVector
CVE-2025-54470

8.6 HIGH

Key Information:

Vendor: Suse

Status
Vendor
CVE Published: 30 October 2025

What is CVE-2025-54470?

This vulnerability affects NeuVector deployments in which the 'Report anonymous cluster data' feature is enabled. TLS certificate verification is not enforced when the anonymous telemetry data is transmitted, so an attacker can perform a man-in-the-middle (MITM) attack and intercept or modify the data sent to the telemetry server. In addition, responses from the telemetry server are loaded into memory without a size limit, which leaves the system open to potential Denial of Service (DoS) attacks.
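The two conditions described above, as a Go sketch that puts the weak TLS setting beside a corrected one and replaces an unbounded body read with a capped one. This is an added example, not NeuVector's code or its patch; the function names, the 1 MiB cap and the 15 second timeout are assumptions.

```go
package main

import (
	"crypto/tls"
	"errors"
	"fmt"
	"io"
	"net/http"
	"strings"
	"time"
)

// Assumed 1 MiB cap on a telemetry response; size it to the real payload.
const maxTelemetryResponse = 1 << 20
var errTooLarge = errors.New("telemetry response exceeds size cap")

// weakTLS shows the flawed pattern: the server certificate is never
// verified, so any on-path host can terminate the connection.
func weakTLS() *tls.Config { return &tls.Config{InsecureSkipVerify: true} }

// hardenedTLS keeps Go's default chain and hostname verification and
// requires TLS 1.2 or later.
func hardenedTLS() *tls.Config { return &tls.Config{MinVersion: tls.VersionTLS12} }

// telemetryClient (hypothetical helper) bounds the total request time.
func telemetryClient(cfg *tls.Config) *http.Client {
	return &http.Client{Timeout: 15 * time.Second, Transport: &http.Transport{TLSClientConfig: cfg}}
}

// readCapped replaces an unbounded io.ReadAll(resp.Body): it reads at most
// limit bytes and returns an error rather than silently truncating.
func readCapped(r io.Reader, limit int64) ([]byte, error) {
	data, err := io.ReadAll(io.LimitReader(r, limit+1))
	if err != nil {
		return nil, err
	}
	if int64(len(data)) > limit {
		return nil, errTooLarge
	}
	return data, nil
}

func main() {
	// Constructed 2 MiB body standing in for an oversized server response.
	body := strings.NewReader(strings.Repeat("A", 2<<20))
	_, err := readCapped(body, maxTelemetryResponse)
	fmt.Println("oversized body rejected:", errors.Is(err, errTooLarge))
	fmt.Println("client timeout:", telemetryClient(hardenedTLS()).Timeout)
}
```

In a real client, `readCapped` would be called on `resp.Body` of the response returned by `telemetryClient(hardenedTLS())`.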

Affected Version(s)

neuvector 5.3.0 < 5.3.5

neuvector 5.4.0 < 5.4.7

neuvector 0.0.0-20230727023453-1c4957d53911 < 0.0.0-20251020133207-084a437033b4

CVSS V3.1

Score: 8.6
Severity: HIGH
Confidentiality: Low
Integrity: Low
Availability: Low
Attack Vector: Network
Attack Complexity: Low
Privileges Required: None
User Interaction: None
Scope: Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved
