CVE-2025-66001 Common Vulnerabilities and Exposures

Upstream information

CVE-2025-66001 at MITRE

Description

NeuVector supports login authentication through OpenID Connect. However, the TLS verification (which verifies the remote server's authenticity and integrity) for OpenID Connect is not enforced by default. As a result this may expose the system to man-in-the-middle (MITM) attacks.

SUSE information

Overall state of this security issue: Does not affect SUSE products

This issue is currently rated as having moderate severity.

SUSE Bugzilla entry: 1254249 [RESOLVED / FIXED]

SUSE Security Advisories:

GHSA-4jj9-cgqc-x9h5, published Fri Dec 12 15:02:16 CET 2025

List of released packages

Product(s)	Fixed package version(s)	References

SUSE Timeline for this CVE

CVE page created: Wed Nov 26 10:15:09 2025
CVE page last modified: Thu Jan 8 13:00:55 2026