Vulnerability in Suse Neuvector
CVE-2025-54470
This vulnerability affects NeuVector deployments only when the Report anonymous cluster data option is enabled. When this option is enabled, NeuVector sends anonymous telemetry data to the telemetry server. In affected versions, NeuVecto…
Vulnerability class: Improper Certificate Validation
EPSS: 0.001 (22.7th percentile) — read the EPSS interpretation.
CVSS v3 metric
CVSS v3 base score 8.6 (High). Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:H.
Affected products
- Suse Neuvector — versions 5.3.0, 5.4.0, 0.0.0-20230727023453-1c4957d53911
Weakness classification (CWE)
References
Frequently asked questions
- What is CVE-2025-54470?
- CVE-2025-54470 is a high-severity vulnerability in Suse Neuvector, classified under Improper Certificate Validation. CVSS score: 8.6/10. Published 2025-10-30.
- How severe is CVE-2025-54470?
- High severity. CVSS v3 base score is 8.6 out of 10.