PT-2025-35116 · Neuvector · Neuvector

Pietro Dellamore · Published 2025-08-28 · Updated 2025-10-07 · CVE-2025-8077

CVSS v3.1: 9.8 Critical
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions
NeuVector versions prior to 5.4.6

Description
NeuVector versions up to and including 5.4.5 use a hardcoded password for the built-in admin account. If this password is not changed after deployment, attackers with network access within the cluster can obtain an authentication token and compromise the cluster. The token can then be used to perform any operation via NeuVector APIs. ZoomEye identifies approximately 826 potentially affected targets.

Recommendations
NeuVector versions prior to 5.4.6: Immediately log in to the NeuVector UI after deployment and update the default admin password.
NeuVector versions prior to 5.4.6: As a temporary workaround, restrict network access to NeuVector to minimize the risk of unauthorized access.
NeuVector versions 5.4.0 through 5.4.5: Upgrade to version 5.4.6 or later to resolve the issue.
NeuVector versions 5.4.6 and later: Ensure the Kubernetes RBAC roles neuvector-binding-secret-controller are created before starting NeuVector, if deploying or upgrading manually.
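The following POSIX shell triage helper is an added example, not part of this advisory or of NeuVector's own tooling: it maps each NeuVector controller image version found in a cluster inventory to the action recommended above. The kubectl column command, the namespace and workload names in the constructed sample, and the assumption that the controller image tag reflects the deployed version are all assumptions.

```shell
#!/bin/sh
# Added triage helper, not part of the advisory or of NeuVector itself.
# Classifies NeuVector controller versions against CVE-2025-8077:
#   < 5.4.0        -> affected   (change the default admin password, restrict access)
#   5.4.0 - 5.4.5  -> upgrade    (to 5.4.6 or later)
#   >= 5.4.6       -> rbac-check (confirm neuvector-binding-secret-controller exists)

# Numeric comparison of dotted versions; prints -1, 0 or 1.
vercmp() {
  a="$1"; b="$2"
  while [ -n "$a" ] || [ -n "$b" ]; do
    ai="${a%%.*}"; bi="${b%%.*}"
    if [ "$ai" = "$a" ]; then a=""; else a="${a#*.}"; fi
    if [ "$bi" = "$b" ]; then b=""; else b="${b#*.}"; fi
    ai="${ai:-0}"; bi="${bi:-0}"
    if [ "$ai" -lt "$bi" ]; then printf '%s\n' -1; return; fi
    if [ "$ai" -gt "$bi" ]; then printf '%s\n' 1; return; fi
  done
  printf '%s\n' 0
}

# Map one version (image tag such as "5.4.5" or "v5.4.6-rc1") to the advisory action.
neuvector_status() {
  v="${1#v}"; v="${v%%-*}"
  if [ "$(vercmp "$v" 5.4.6)" -ge 0 ]; then printf '%s\n' rbac-check
  elif [ "$(vercmp "$v" 5.4.0)" -ge 0 ]; then printf '%s\n' upgrade
  else printf '%s\n' affected
  fi
}

# Constructed sample of "<namespace> <workload> <image>" lines, as produced by (assumed):
#   kubectl get deploy -A --no-headers -o custom-columns=NS:.metadata.namespace,NAME:.metadata.name,IMG:.spec.template.spec.containers[0].image
SAMPLE_INVENTORY='neuvector neuvector-controller-pod docker.io/neuvector/controller:5.4.5
neuvector neuvector-manager-pod docker.io/neuvector/manager:5.4.5
neuvector-prod neuvector-controller-pod docker.io/neuvector/controller:5.4.6'

# Emit "<namespace> <version> <action>" for every controller image in the inventory;
# other NeuVector images (manager, enforcer) are skipped.
triage_inventory() {
  printf '%s\n' "$1" | while read -r ns name image; do
    case "$image" in
      */neuvector/controller:*)
        tag="${image##*:}"
        printf '%s %s %s\n' "$ns" "$tag" "$(neuvector_status "$tag")" ;;
    esac
  done
}

triage_inventory "$SAMPLE_INVENTORY"
```

Pipe real `kubectl` output into `triage_inventory` in place of the constructed sample to produce a per-namespace action list.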

Fix

Weakness Enumeration

Related Identifiers

CVE-2025-8077
GHSA-8PXW-9C75-6W56
GO-2025-3918
OPENSUSE-SU-2025:15538-1
SUSE-SU-2025:03289-1

Affected Products

Neuvector