Suse Neuvector

By the Year

In 2026 there has been 1 vulnerability in Suse Neuvector, with an average score of 8.8 out of ten. Last year, in 2025, Neuvector had 6 security vulnerabilities published. Right now, Neuvector is on track to have fewer security vulnerabilities in 2026 than it did last year. However, the average CVE base score of the vulnerabilities in 2026 is greater by 1.23.

| Year | Vulnerabilities | Average Score |
|------|-----------------|---------------|
| 2026 | 1               | 8.80          |
| 2025 | 6               | 7.57          |

It may take a day or so for new Neuvector vulnerabilities to show up in the stats or in the list of recent security vulnerabilities. Additionally, vulnerabilities may be tagged under a different product or component name.

Recent Suse Neuvector Security Vulnerabilities

NeuVector OIDC TLS Skip MITM Risk
CVE-2025-66001 8.8 - High - January 08, 2026

NeuVector supports login authentication through OpenID Connect. However, TLS verification (which verifies the remote server's authenticity and integrity) for OpenID Connect is not enforced by default. As a result, this may expose the system to man-in-the-middle (MITM) attacks.

Improper Certificate Validation

NeuVector Hard-Coded Key in Source Enables Config Encryption Disclosure
CVE-2025-54471 6.5 - Medium - October 30, 2025

NeuVector used a hard-coded cryptographic key embedded in the source code. At compilation time, the key value was replaced with the secret key value and used to encrypt sensitive configurations when NeuVector stores the data.

Use of Hard-coded Cryptographic Key

NeuVector Enforcer Command Injection via Unsanitized CLUSTER_* Ports
CVE-2025-54469 9.9 - Critical - October 30, 2025

A vulnerability was identified in NeuVector, where the enforcer used environment variables CLUSTER_RPC_PORT and CLUSTER_LAN_PORT to generate a command to be executed via popen, without first sanitising their values. The entry process of the enforcer container is the monitor process. When the enforcer container stops, the monitor process checks whether the consul subprocess has exited. To perform this check, the monitor process uses the popen function to execute a shell command that determines whether the ports used by the consul subprocess are still active. The values of environment variables CLUSTER_RPC_PORT and CLUSTER_LAN_PORT are used directly to compose shell commands via popen without validation or sanitization. This behavior could allow a malicious user to inject malicious commands through these variables within the enforcer container.

Shell injection

NeuVector TLS Cert Verification Bypass in Anonymous Telemetry (MITM/DoS)
CVE-2025-54470 8.6 - High - October 30, 2025

This vulnerability affects NeuVector deployments only when the "Report anonymous cluster data" option is enabled. When this option is enabled, NeuVector sends anonymous telemetry data to the telemetry server. In affected versions, NeuVector does not enforce TLS certificate verification when transmitting anonymous cluster data to the telemetry server. As a result, the communication channel is susceptible to man-in-the-middle (MITM) attacks, where an attacker could intercept or modify the transmitted data. Additionally, NeuVector loads the response of the telemetry server into memory without size limitation, which makes it vulnerable to a Denial of Service (DoS) attack.

Improper Certificate Validation

NeuVector <5.4.5 Default admin password exposes full API access
CVE-2025-8077 9.8 - Critical - September 17, 2025

A vulnerability exists in NeuVector versions up to and including 5.4.5, where a fixed string is used as the default password for the built-in `admin` account. If this password is not changed immediately after deployment, any workload with network access within the cluster could use the default credentials to obtain an authentication token. This token can then be used to perform any operation via NeuVector APIs.

CWE-1393

NeuVector Process Rule Violation Logs Expose Passwords
CVE-2025-54467 5.3 - Medium - September 17, 2025

When a Java command with password parameters is executed and terminated by NeuVector for a Process rule violation, the password will appear in the NeuVector security event log.

Insufficiently Protected Credentials

NeuVector unsalted hash vulnerable to rainbow table attacks
CVE-2025-53884 5.3 - Medium - September 17, 2025

NeuVector stores user passwords and API keys using a simple, unsalted hash. This method is vulnerable to rainbow table attacks (offline attacks in which hashes of known passwords are precomputed).

Use of a One-Way Hash without a Salt
