CVE-2025-66001

High CVSS: 8.8

NeuVector supports login authentication through OpenID Connect. However, the TLS verification (which verifies the remote server's authenticity and integrity) for OpenID Connect is not enforced by default. As a result this may expose the system to man-in-the-middle (MITM) attacks.

Vendor

Product

CWE

CWE-295

Yayın Tarihi

2026-01-08 11:15:43

Güncelleme

2026-01-08 18:08:18

Source Identifier

meissner@suse.de

KEV Date Added

Kategoriler

CWE-295 HIGH 2026

Referanslar

https://bugzilla.suse.com/show_bug.cgi?id=CVE-2025-66001 https://github.com/neuvector/neuvector/security/advisories/GHSA-4jj9-cgqc-x9h5