CRITICAL🇵🇱 Wersja polska

CVE-2025-8077

CVSS 9.8v3.1pub. 2025-09-17upd. 2026-04-15

A vulnerability exists in NeuVector versions up to and including 5.4.5, where a fixed string is used as the default password for the built-in `admin` account. If this password is not changed immediately after deployment, any workload with network access within the cluster could use the default credentials to obtain an authentication token. This token can then be used to perform any operation via NeuVector APIs.

🤖 AI Analysis
How it works

NeuVector uses a fixed string as the default password for the built-in `admin` account. If an administrator does not change this password immediately after deployment, an attacker or malicious workload with network access to the cluster can log in using the known default credentials. After successful authentication, a session token is obtained, which provides full access to all operations exposed by the NeuVector API without any additional restrictions.

Impact

An attacker gains full administrative privileges in NeuVector, enabling them to read, modify, and delete cluster security configurations, as well as manipulate network policies and workload protection mechanisms — leading to complete compromise of confidentiality, integrity, and availability of the environment.

Mitigation & patch

The default password for the `admin` account must be changed immediately after each NeuVector deployment. Patches available from the vendor should be applied according to references (GHSA-8pxw-9c75-6w56 and SUSE Bugzilla CVE-2025-8077). It is also recommended to restrict network access to the NeuVector API only to trusted workloads and administrators.

Who is affected

NeuVector in versions up to and including 5.4.5

Analysis generated by Claude AI (Anthropic) based on NVD data. Always verify with vendor.
CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
🔵
CHECK WITH VENDOR
No clear patch data available. Check vendor references.
CWE
References