CVE-2025-54471

{"id": "CVE-2025-54471", "cveTags": [], "metrics": {"cvssMetricV31": [{"type": "Secondary", "source": "meissner@suse.de", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 6.5, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "LOW", "confidentialityImpact": "HIGH"}, "impactScore": 3.6, "exploitabilityScore": 2.8}]}, "published": "2025-10-30T10:15:35.400", "references": [{"url": "https://bugzilla.suse.com/show_bug.cgi?id=CVE-2025-54471", "source": "meissner@suse.de"}, {"url": "https://github.com/neuvector/neuvector/security/advisories/GHSA-h773-7gf7-9m2x", "source": "meissner@suse.de"}], "vulnStatus": "Awaiting Analysis", "weaknesses": [{"type": "Primary", "source": "meissner@suse.de", "description": [{"lang": "en", "value": "CWE-321"}]}], "descriptions": [{"lang": "en", "value": "NeuVector used a hard-coded cryptographic key embedded in the source \ncode. At compilation time, the key value was replaced with the secret \nkey value and used to encrypt sensitive configurations when NeuVector \nstores the data."}], "lastModified": "2025-10-30T15:03:13.440", "sourceIdentifier": "meissner@suse.de"}