CVE-2025-8077
CRITICALDescription
A vulnerability exists in NeuVector versions up to and including 5.4.5, where a fixed string is used as the default password for the built-in `admin` account. If this password is not changed immediately after deployment, any workload with network access within the cluster could use the default credentials to obtain an authentication token. This token can then be used to perform any operation via NeuVector APIs.
CVSS v3.1 Score
Weakness Type (CWE)
References
Frequently Asked Questions
What is CVE-2025-8077? +
How severe is CVE-2025-8077? +
How do I check if I'm vulnerable to CVE-2025-8077? +
Related Vulnerabilities
The Web GUI configuration panel of Hirsch (formerly Identiv and Viscount) Enterphone MESH through 2024 ships with default credentials (username …
vantage6 is an open-source infrastructure for privacy preserving analysis. Versions prior to 5.0.0 provide an initial user with username `root` …
An issue was discovered in Percona PMM Server (OVA) before 3.0.0-1.ova. The default service account credentials can lead to SSH …
Default Credentail vulnerabilities allows access to an Aspect device using publicly available default credentials since the system does not require …
An unauthenticated attacker with access to the local network of the medical office can use known default credentials to gain …
An unauthenticated remote attacker can recover a default, hard coded password from a firmware image and thus gain full access …