What is CVE-2025-54471?

CVE-2025-54471 is a medium-severity vulnerability in Suse Neuvector, classified under Use of Hard-coded Cryptographic Key. CVSS score: 6.5/10. Published 2025-10-30.

How severe is CVE-2025-54471?

Medium severity. CVSS v3 base score is 6.5 out of 10.

Vulnerability in Suse Neuvector

CVE-2025-54471

NeuVector used a hard-coded cryptographic key embedded in the source code. At compilation time, the key value was replaced with the secret key value and used to encrypt sensitive configurations when NeuVector stores the data.

EPSS: 0.000 (14.7th percentile) — read the EPSS interpretation.

CVSS v3 metric

CVSS v3 base score 6.5 (Medium). Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N.

Affected products

Suse Neuvector — versions 5.3.0, 0.0.0-20230727023453-1c4957d53911

Weakness classification (CWE)

CWE-321 — Use of Hard-coded Cryptographic Key

References

bugzilla.suse.com/show_bug.cgi
github.com/neuvector/neuvector/security/advisories/GHSA-h773-7gf7-9m2x

Frequently asked questions

What is CVE-2025-54471?: CVE-2025-54471 is a medium-severity vulnerability in Suse Neuvector, classified under Use of Hard-coded Cryptographic Key. CVSS score: 6.5/10. Published 2025-10-30.
How severe is CVE-2025-54471?: Medium severity. CVSS v3 base score is 6.5 out of 10.