Vulnerability Database

308,820

Total vulnerabilities in the database

CVE-2025-8077

A vulnerability exists in NeuVector versions up to and including 5.4.5, where a fixed string is used as the default password for the built-in admin account. If this password is not changed immediately after deployment, any workload with network access within the cluster could use the default credentials to obtain an authentication token. This token can then be used to perform any operation via NeuVector APIs.

Published: Aug 28, 2025
Updated: Nov 17, 2025
CVE: CVE-2025-8077
GHSA: GHSA-8pxw-9c75-6w56
Severity: Critical
Exploit:

CVSS v3:

Severity: Unknown
Score:
AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

CWEs:

CWE-1393

Affected Software
References

Software	From	Fixed in
github.com/neuvector/neuvector	5.0.0	5.4.6

Deep Security Visibility Without the Complexity

SynScan provides clear, real-time security insights so you can monitor your attack surface, spot risks early, and act fast—without extra complexity.

No setup fees
5-min deployment
Cancel anytime

Book a Demo