CVE-2025-8077

Source
https://cve.org/CVERecord?id=CVE-2025-8077
Import Source
https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2025-8077.json
JSON Data
https://api.osv.dev/v1/vulns/CVE-2025-8077
Aliases
Downstream
Related
Published
2025-09-17T12:33:37.904Z
Modified
2026-07-15T02:17:03.769381611Z
Severity
  • 9.8 (Critical) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H CVSS Calculator
Summary
NeuVector admin account has insecure default password
Details

A vulnerability exists in NeuVector versions up to and including 5.4.5, where a fixed string is used as the default password for the built-in admin account. If this password is not changed immediately after deployment, any workload with network access within the cluster could use the default credentials to obtain an authentication token. This token can then be used to perform any operation via NeuVector APIs.

Database specific
{
    "cna_assigner": "suse",
    "osv_generated_from": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2025/8xxx/CVE-2025-8077.json",
    "cwe_ids": [
        "CWE-1393"
    ]
}
References

Affected packages

Git / github.com/neuvector/neuvector

Affected ranges

Type
GIT
Repo
https://github.com/neuvector/neuvector
Events
Database specific
{
    "source": "AFFECTED_FIELD",
    "extracted_events": [
        {
            "introduced": "5.0.0"
        },
        {
            "fixed": "5.4.6"
        }
    ]
}

Database specific

source
"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2025-8077.json"