Description

This vulnerability affects NeuVector deployments only when the Report anonymous cluster data option is enabled. When this option is enabled, NeuVector sends anonymous telemetry data to the telemetry server. In affected versions, NeuVector does not enforce TLS certificate verification when transmitting anonymous cluster data to the telemetry server. As a result, the communication channel is susceptible to man-in-the-middle (MITM) attacks, where an attacker could intercept or modify the transmitted data. Additionally, NeuVector loads the response of the telemetry server is loaded into memory without size limitation, which makes it vulnerable to a Denial of Service(DoS) attack

INFO

Published Date :

2025-10-30T09:38:58.261Z

Last Modified :

2025-10-30T14:01:08.513Z

Source :

suse
AFFECTED PRODUCTS

The following products are affected by CVE-2025-54470 vulnerability.

Vendors Products
Suse
  • Neuvector
REFERENCES

Here, you will find a curated list of external links that provide in-depth information to CVE-2025-54470.

URL Resource
https://bugzilla.suse.com/show_bug.cgi?id=CVE-2025-54470 cve-icon cve-icon
https://github.com/neuvector/neuvector/security/advisories/GHSA-qqj3-g7mx-5p4w cve-icon cve-icon
Login to claim this CVE

CVSS Vulnerability Scoring System

Detailed values of each vector for above chart.
Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality Impact
Integrity Impact
Availability Impact