CVE-2025-66001

NeuVector OpenID Connect is vulnerable to man-in-the-middle (MITM)

CVSS 8.8 HIGHEPSS 0.3%CWE-295

Vexday Risk Score

21Baixo

Decisão SSVC (CISA)

Track

Sem sinal de exploração → monitorar

CVSS 8.8EPSS 0.3%KEV nãoPoC —Nuclei —Metasploit —Patch —

Ciclo de vida

08 jan 2026Publicada no NVD

Recomendação: Monitorar — sem sinal de exploração no momento.

NeuVector supports login authentication through OpenID Connect. However, the TLS verification (which verifies the remote server's authenticity and integrity) for OpenID Connect is not enforced by default. As a result this may expose the system to man-in-the-middle (MITM) attacks.

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Produtos afetados

SUSE · neuvector

Quer saber se a sua infraestrutura está exposta a isto?

Falar com a TrueHacking →

Referências

https://bugzilla.suse.com/show_bug.cgi?id=CVE-2025-66001 https://github.com/neuvector/neuvector/security/advisories/GHSA-4jj9-cgqc-x9h5