PT-2025-35111 · Neuvector · Neuvector

Pietro Dellamore · Published 2025-08-28 · Updated 2025-09-22 · CVE-2025-54467

CVSS v3.1: 5.3 (Medium)
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
Name of the Vulnerable Software and Affected Versions: NeuVector versions prior to 5.4.6
Description: NeuVector process handling can lead to the leakage of sensitive arguments, such as passwords, within security event logs. The software uses regular expressions to detect and redact sensitive data from process commands, but the default regex may be insufficient. While custom regex patterns can be defined, a large number of patterns can negatively impact NeuVector enforcer performance due to increased backtracking.
Recommendations: NeuVector versions prior to 5.4.6: Upgrade to version 5.4.6 or later to resolve this issue.
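
A defender's check for the redaction gap described above, as an added example that is not NeuVector's code: it runs candidate redaction rules over constructed command lines and reports which ones still expose the secret. The rules, sample commands and function names are assumptions made for illustration and are not NeuVector's default pattern.

```python
import re

# Constructed command lines as they might appear in a process security event.
SECRET = "S3cr3t!"  # made-up value
SAMPLES = [
    f"mysql -u root --password={SECRET} -h db",
    f"mysql -u root --password {SECRET} -h db",
    f"curl -H 'Authorization: Bearer {SECRET}' https://api.internal",
    f"env DB_PASSWORD={SECRET} ./app --port 8080",
    f"redis-cli -a {SECRET} ping",
]

# Hypothetical narrow rule: only the --password=VALUE form.
NARROW = re.compile(r"(--password=)\S+")

# Hypothetical broader rule, compiled once as a single alternation.
# Group 1 is the key and separator (kept); the value after it is masked.
BROAD = re.compile(
    r"""(
          (?:password|passwd|secret|token)[\w-]*(?:=|\s+)
        | authorization:\s*(?:bearer|basic)\s+
        )
        [^\s'"]+""",
    re.IGNORECASE | re.VERBOSE,
)

# Hypothetical site-specific rule for a short flag with no keyword in it.
REDIS_AUTH = re.compile(r"(\bredis-cli\s+-a\s+)\S+")


def redact(cmdline, rules):
    """Apply every rule in order, masking the value after each matched key."""
    for rule in rules:
        cmdline = rule.sub(lambda m: m.group(1) + "***", cmdline)
    return cmdline


def leaking(rules, samples=SAMPLES, secret=SECRET):
    """Return the commands in which the secret survives redaction."""
    return [c for c in samples if secret in redact(c, rules)]


if __name__ == "__main__":
    for name, rules in [("narrow", [NARROW]), ("broad", [BROAD]),
                        ("broad+custom", [BROAD, REDIS_AUTH])]:
        print(name, "->", len(leaking(rules)), "command(s) still leak")
```

Running the same check against the command lines your own workloads use shows which custom patterns are actually needed, which helps keep the pattern count small.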

Fix

Weakness Enumeration

Insufficiently Protected Credentials

Related Identifiers

CVE-2025-54467
GHSA-W54X-XFXG-4GXQ
GO-2025-3919
OPENSUSE-SU-2025:15538-1
SUSE-SU-2025:03289-1

Affected Products

Neuvector