CVE-2025-53884
Aliases:GHSA-8ff6-pc43-jwv3GO-2025-3917
Advisory lineage Upstream: 0 Downstream: 2
Downstream
Deferred
Published: 17 Sept 2025, 12:27
Last modified:17 Sept 2025, 13:24
Vulnerability Summary
Overall Risk (default)
low
21/100 CVSS Score
5.3 MEDIUM
v3.1 (cve.org)
EPSS Score
0.03% LOW
0% probability +0.02%
KEV
Not listed
Ransomware
No reports
Public exploits
None found
Dark Web
Not detected
Timeline
17 Sept 2025, 12:27
Published
Vulnerability first disclosed
17 Sept 2025, 13:24
Last Modified
Vulnerability information updated
Description
NeuVector stores user passwords and API keys using a simple, unsalted hash. This method is vulnerable to rainbow table attack (offline attack where hashes of known passwords are precomputed).
CVSS Metrics
- v3.1•MEDIUM•Score: 5.3CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
EPSS Trends
Current EPSS score: 0.03%• Percentile: 11%
Techniques & Countermeasures
- CWE-759•Use of a One-Way Hash without a Salt
The product uses a one-way cryptographic hash against an input that should not be reversible, such as a password, but the product does not also use a salt as part of the input.
Affected Systems
- github.com/neuvector•neuvector
all | ≥ 5.0.0, < 5.4.6 | < 0.0.0-20250825191744-da1a462074c3
- suse•neuvector
≥ 5.0.0, < 5.4.6