Cryptographic Key Exposure in NeuVector by NeuVector
CVE-2025-54471

6.5MEDIUM

Key Information:

Vendor: Suse
Status: Neuvector
Vendor: CVE Published:; 30 October 2025

What is CVE-2025-54471?

A cryptographic key exposure vulnerability was found in NeuVector, where a hard-coded key was embedded within the source code. During the compilation process, this key was substituted with a secret key value, which plays a crucial role in encrypting sensitive configurations when NeuVector stores data. This practice poses a significant risk, as the hard-coded nature of the key could be exploited to expose encrypted data, potentially leading to unauthorized access and loss of confidentiality.

Affected Version(s)

neuvector 5.3.0 < 5.4.7

neuvector 0.0.0-20230727023453-1c4957d53911 < 0.0.0-20251020133207-084a437033b4

References

https://bugzilla.suse.com/show_bug.cgi?id=CVE-2025-54471

https://github.com/neuvector/neuvector/security/advisorie...

CVSS V3.1

Score:

6.5

Severity:

MEDIUM

Confidentiality:

High

Integrity:

None

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Oct 30, 2025
Vulnerability Reserved
Jul 23, 2025

JSON

Suse

What is CVE-2025-54471?

Affected Version(s)

References

CVSS V3.1

Timeline