VYPR
Critical severity9.8GHSA Advisory· Published Sep 17, 2025· Updated Apr 15, 2026

CVE-2025-8077

CVE-2025-8077

Description

A vulnerability exists in NeuVector versions up to and including 5.4.5, where a fixed string is used as the default password for the built-in admin account. If this password is not changed immediately after deployment, any workload with network access within the cluster could use the default credentials to obtain an authentication token. This token can then be used to perform any operation via NeuVector APIs.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Affected packages

Versions sourced from the GitHub Security Advisory.

PackageAffected versionsPatched versions
github.com/neuvector/neuvectorGo
>= 5.0.0, < 5.4.65.4.6
github.com/neuvector/neuvectorGo
< 0.0.0-20250825191744-da1a462074c30.0.0-20250825191744-da1a462074c3

Affected products

9

Patches

Vulnerability mechanics

References

4

News mentions

0

No linked articles in our index yet.