exploitDog

CVE-2025-66001

Опубликовано: 08 янв. 2026

Источник: nvd

CVSS3: 8.8

EPSS Низкий

Описание

NeuVector supports login authentication through OpenID Connect. However, the TLS verification (which verifies the remote server's authenticity and integrity) for OpenID Connect is not enforced by default. As a result this may expose the system to man-in-the-middle (MITM) attacks.

Ссылки

EPSS

Процентиль: 21%

0.0007

Низкий

8.8 High

CVSS3

Дефекты

CWE-295

Связанные уязвимости

GHSA-4jj9-cgqc-x9h5

CVSS3: 8.8

github

около 2 месяцев назад

NeuVector OpenID Connect is vulnerable to man-in-the-middle (MITM)

EPSS

Процентиль: 21%

0.0007

Низкий

8.8 High

CVSS3

Дефекты

CWE-295