Medium severity5.3GHSA Advisory· Published Sep 17, 2025· Updated Apr 15, 2026

CVE-2025-54467

Description

When a Java command with password parameters is executed and terminated by NeuVector for Process rule violation the password will appear in the NeuVector security event log.

Affected packages

Versions sourced from the GitHub Security Advisory.

Package	Affected versions	Patched versions
github.com/neuvector/neuvectorGo	>= 5.0.0, < 5.4.6	5.4.6
github.com/neuvector/neuvectorGo	< 0.0.0-20250825231653-65d7e746ce84	0.0.0-20250825231653-65d7e746ce84

Affected products

Neuvector/NeuvectorGHSA
Range: < 0.0.0-20250825231653-65d7e746ce84

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

github.com/advisories/GHSA-w54x-xfxg-4gxqghsaADVISORY
nvd.nist.gov/vuln/detail/CVE-2025-54467ghsaADVISORY
bugzilla.suse.com/show_bug.cginvdWEB
github.com/neuvector/neuvector/security/advisories/GHSA-w54x-xfxg-4gxqnvdWEB

News mentions

No linked articles in our index yet.

cvss	0.345
epss	0.000
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000