CVE-2025-53884

Description

NeuVector stores user passwords and API keys using a simple, unsalted hash. This method is vulnerable to rainbow table attack (offline attack where hashes of known passwords are precomputed).

CVSS breakdown

CVSS 3.1

Attack Vector

Network

Attack Complexity

Low

Privileges Required

None

User Interaction

None

Scope

Unchanged

Confidentiality

Low

Integrity

None

Availability

None

Affected products

SUSE / neuvector5.0.0 – 5.4.6

References

MISChttps://bugzilla.suse.com/show_bug.cgi?id=CVE-2025-53884
VENDOR_ADVISORYhttps://github.com/neuvector/neuvector/security/advisories/GHSA-8ff6-pc43-jwv3