NeuVector <5.4.5 Default admin password exposes full API access
CVE-2025-8077 Published on September 17, 2025
NeuVector admin account has insecure default password
A vulnerability exists in NeuVector versions up to and including 5.4.5, where a fixed string is used as the default password for the built-in `admin` account. If this password is not changed immediately after deployment, any workload with network access within the cluster could use the default credentials to obtain an authentication token. This token can then be used to perform any operation via NeuVector APIs.
Vulnerability Analysis
CVE-2025-8077 can be exploited over the network and requires neither prior privileges nor user interaction. Attack complexity is considered low. The potential impact is considered critical, because successful exploitation has a high impact on the confidentiality, integrity and availability of this component.
Weakness Type
Products Associated with CVE-2025-8077
Affected Versions
SUSE NeuVector: versions from 5.0.0 up to, but not including, 5.4.6 are affected.
Exploit Probability
EPSS (Exploit Prediction Scoring System) scores estimate the probability that a vulnerability will be exploited in the wild within the next 30 days. The percentile shows you how this score compares to all other vulnerabilities.