PT-2026-7954 · Neuvector · Neuvector

Published 2026-02-12 · Updated 2026-03-03

CVE-2025-67860

CVSS v3.1: 3.8 (Low)

Vector: AV:L/AC:L/PR:L/UI:N/S:C/C:L/I:N/A:N
Name of the Vulnerable Software and Affected Versions

NeuVector versions prior to 4.072

Description

The NeuVector scanner insecurely handles passwords as command arguments. The scanner process accepts registry and controller credentials as command-line arguments, potentially exposing these credentials to local users. This could allow unauthorized access to registries or the NeuVector controller, potentially enabling image manipulation, information disclosure, or further lateral movement within the environment. The severity of the impact on confidentiality, integrity and availability depends on the permissions the leaked credentials have on their services.

Recommendations

Upgrade to NeuVector scanner version 4.072 or later.
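The exposure described above can be audited for on a host. The following Go code is an added example, not NeuVector's code: it parses the NUL-separated contents of a `/proc/<pid>/cmdline` file and reports arguments that carry a secret, recording only the flag name and value length. The flag-name heuristic, the binary path and the flag names in the sample are assumptions constructed for illustration.

```go
package main

import (
	"bytes"
	"fmt"
	"regexp"
	"strings"
)

// credFlag is a heuristic (an assumption) for argument names that hold a secret.
var credFlag = regexp.MustCompile(`(?i)^--?[\w-]*(pass(word|wd)?|secret|token)[\w-]*$`)

// Finding records a credential-bearing argument; the value itself is never stored.
type Finding struct {
	Flag   string
	Length int // length in bytes of the exposed value
}

// AuditCmdline parses the NUL-separated bytes of /proc/<pid>/cmdline and reports
// secrets passed as "--flag value" or "--flag=value". Flags ending in "-file"
// are skipped: they point at a secret on disk rather than carrying it in argv.
func AuditCmdline(raw []byte) []Finding {
	args := strings.Split(string(bytes.TrimRight(raw, "\x00")), "\x00")
	var out []Finding
	for i := 0; i < len(args); i++ {
		name, val, hasEq := strings.Cut(args[i], "=")
		if !credFlag.MatchString(name) || strings.HasSuffix(name, "-file") {
			continue
		}
		if !hasEq {
			if i+1 >= len(args) || strings.HasPrefix(args[i+1], "-") {
				continue // flag present, but no value on the command line
			}
			i++
			val = args[i]
		}
		if val != "" {
			out = append(out, Finding{Flag: name, Length: len(val)})
		}
	}
	return out
}

func main() {
	// Constructed sample: the path and flag names are hypothetical, not NeuVector's.
	sample := []byte("/usr/local/bin/scanner\x00--registry-user\x00ci\x00--registry-password\x00s3cr3t!\x00--ctrl-token=abc123\x00--image\x00app:1.0\x00")
	for _, f := range AuditCmdline(sample) {
		fmt.Printf("exposed in argv: %s (%d bytes)\n", f.Flag, f.Length)
	}
}
```
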

Fix

Weakness Enumeration

Insufficiently Protected Credentials

Related Identifiers

CVE-2025-67860
GHSA-3C9M-GQ32-G4JX
GO-2026-4490
SUSE-SU-2026:0757-1

Affected Products

Neuvector