CVE-2025-54467
Aliases: GHSA-w54x-xfxg-4gxq, GO-2025-3919
Advisory lineage Upstream: 0 Downstream: 2
Downstream
Deferred
Published: 17 Sept 2025, 12:29
Last modified: 17 Sept 2025, 13:19
Vulnerability Summary
Overall Risk (default): low, 21/100
CVSS Score: 5.3 MEDIUM, v3.1 (cve.org)
EPSS Score: 0.06% LOW
0% probability +0.03%
KEV: Not listed
Ransomware: No reports
Public exploits: None found
Dark Web: Not detected
Timeline
- 17 Sept 2025, 12:29: Published (vulnerability first disclosed)
- 17 Sept 2025, 13:19: Last Modified (vulnerability information updated)
Description
When a Java command with password parameters is executed and then terminated by NeuVector for a Process rule violation, the password appears in the NeuVector security event log.
CVSS Metrics
- v3.1 • MEDIUM • Score: 5.3 • CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
EPSS Trends
Current EPSS score: 0.06% • Percentile: 20%
Techniques & Countermeasures
- CWE-522 • Insufficiently Protected Credentials
The product transmits or stores authentication credentials, but it uses an insecure method that is susceptible to unauthorized interception and/or retrieval.
Affected Systems
- github.com/neuvector • neuvector
all | ≥ 5.0.0, < 5.4.6 | < 0.0.0-20250825231653-65d7e746ce84
- suse • neuvector
≥ 5.0.0, < 5.4.6