Upstream information
Description
NeuVector used a hard-coded cryptographic key embedded in the sourcecode. At compilation time, the key value was replaced with the secret
key value and used to encrypt sensitive configurations when NeuVector
stores the data.
Upstream Security Advisories:
SUSE information
Overall state of this security issue: Does not affect SUSE products
This issue is currently rated as having moderate severity.
| CVSS detail | CNA (SUSE) | SUSE |
|---|---|---|
| Base Score | 6.5 | 6.5 |
| Vector | CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N | CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N |
| Attack Vector | Network | Network |
| Attack Complexity | Low | Low |
| Privileges Required | Low | Low |
| User Interaction | None | None |
| Scope | Unchanged | Unchanged |
| Confidentiality Impact | High | High |
| Integrity Impact | None | None |
| Availability Impact | None | None |
| CVSSv3 Version | 3.1 | 3.1 |
SUSE Security Advisories:
- GHSA-h773-7gf7-9m2x, published Tue Oct 21 20:59:06 CEST 2025
SUSE Timeline for this CVE
CVE page created: Tue Sep 9 17:15:15 2025CVE page last modified: Fri Oct 31 01:47:02 2025