VYPR
High severity 8.8 · GHSA Advisory · Published Jan 8, 2026 · Updated Apr 15, 2026

CVE-2025-66001

Description

NeuVector supports login authentication through OpenID Connect. However, TLS verification (which verifies the remote server's authenticity and integrity) for OpenID Connect is not enforced by default. As a result, this may expose the system to man-in-the-middle (MITM) attacks.

Affected packages

Versions sourced from the GitHub Security Advisory.

| Package | Affected versions | Patched versions |
|---|---|---|
| github.com/neuvector/neuvector (Go) | >= 5.3.0, < 5.4.8 | 5.4.8 |
