VYPR
Medium severity6.5GHSA Advisory· Published Oct 30, 2025· Updated Apr 15, 2026

CVE-2025-54471

CVE-2025-54471

Description

NeuVector used a hard-coded cryptographic key embedded in the source code. At compilation time, the key value was replaced with the secret key value and used to encrypt sensitive configurations when NeuVector stores the data.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Affected packages

Versions sourced from the GitHub Security Advisory.

PackageAffected versionsPatched versions
github.com/neuvector/neuvectorGo
>= 5.3.0, < 5.4.75.4.7
github.com/neuvector/neuvectorGo
>= 0.0.0-20230727023453-1c4957d53911, < 0.0.0-20251020133207-084a437033b40.0.0-20251020133207-084a437033b4

Affected products

12

Patches

Vulnerability mechanics

References

5

News mentions

0

No linked articles in our index yet.