CNNVD-202509-2787 Information
CNNVD ID
CNNVD-202509-2787
Related CVE
- CNNVD Published: 2025-09-17
Description (Chinese)
NeuVector是美国NeuVector公司的一套端到端的容器安全平台。该平台包括图像漏洞管理、准入控制和容器进程/文件系统保护等功能。 NeuVector 5.4.5及之前版本存在安全漏洞,该漏洞源于内置admin账户使用固定字符串作为默认密码,可能导致攻击者获取身份验证令牌并执行任意操作。
Description (English)
NeuVector is an end-to-end container safety platform for NeuVector in the United States. The platform includes features such as image gap management, access control and container process/document system protection. There is a security loophole in NeuVector 5.4.5 and earlier versions, which stems from the use of a fixed string as a default password for the built-in admin account, which may lead the assailant to obtain identification badges and perform arbitrary operations.
Hazard Level
Low
Vulnerability Type
其他
Affected Vendor
NeuVector
Published
2025-09-17
Last Modified
2026-02-24
References
https://bugzilla.suse.com/show_bug.cgi?id=CVE-2025-8077 https://github.com/neuvector/neuvector/security/advisories/GHSA-8pxw-9c75-6w56
Patch
https://github.com/neuvector/neuvector/releases
Share on: