CVE-2025-66001

High

Published: 08 January 2026

Published

08 January 2026

Modified

15 April 2026

KEV Added

—

Patch

—

CVSS Score 8.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

EPSS Score 0.0002 5.0th percentile

Risk Priority 18 60% EPSS · 20% KEV · 20% CVSS

Summary

CVE-2025-66001 is a high-severity Improper Certificate Validation (CWE-295) vulnerability in Suse (inferred from references). Its CVSS base score is 8.8 (High).

Operationally, exploitation aligns with the MITRE ATT&CK technique Adversary-in-the-Middle (T1557); ranked at the 5.0th percentile by exploit likelihood (below the median); it is not currently listed in the CISA KEV catalog.

The strongest mitigations our analysis identified are NIST 800-53 IA-13 (Identity Providers and Authorization Servers) and SC-17 (Public Key Infrastructure Certificates).

Threat & Defense at a Glance

What attackers do: exploitation maps to Adversary-in-the-Middle (T1557). What defenders deploy: see the NIST 800-53 controls recommended below.

Threat & Defense Details

Mitigating Controls (NIST 800-53 r5)AI

IA-13 Identity Providers and Authorization Servers good match

prevent

Requires authentication of identity providers and authorization servers like OpenID Connect, including TLS certificate verification to prevent MITM attacks.

SC-17 Public Key Infrastructure Certificates good match

prevent

Mandates validation of PKI certificates by verifying certification paths to trust anchors, directly mitigating improper certificate validation in TLS for OpenID Connect.

SC-8 Transmission Confidentiality and Integrity good match

prevent

Enforces cryptographic mechanisms to protect confidentiality and integrity of transmissions, preventing MITM interception and alteration of authentication data to OpenID Connect servers.

MITRE ATT&CK Enterprise TechniquesAI

T1557 Adversary-in-the-Middle Credential Access

Adversaries may attempt to position themselves between two or more networked devices using an adversary-in-the-middle (AiTM) technique to support follow-on behaviors such as [Network Sniffing](https://attack.

attack.mitre.org →

Why these techniques?

Missing TLS certificate validation directly enables adversary-in-the-middle attacks against OIDC authentication flows, allowing interception or manipulation of tokens/credentials.

Confidence: HIGH · MITRE ATT&CK Enterprise v18.1

NVD Description

NeuVector supports login authentication through OpenID Connect. However, the TLS verification (which verifies the remote server's authenticity and integrity) for OpenID Connect is not enforced by default. As a result this may expose the system to man-in-the-middle (MITM) attacks.

Deeper analysisAI

CVE-2025-66001 is a vulnerability in NeuVector, a container security platform, affecting its login authentication mechanism via OpenID Connect. By default, TLS verification—which ensures the authenticity and integrity of the remote OpenID Connect server—is not enforced. This flaw, classified under CWE-295 (Improper Certificate Validation), exposes NeuVector deployments to man-in-the-middle (MITM) attacks and carries a CVSS v3.1 base score of 8.8 (AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H).

Attackers positioned to intercept network traffic between NeuVector and the OpenID Connect provider can exploit this vulnerability without requiring authentication privileges. Exploitation demands low complexity and user interaction, such as a victim user triggering the login process. Successful attacks enable high-impact compromise of confidentiality, integrity, and availability, potentially allowing interception or alteration of authentication data.

Mitigation guidance is available in the official advisories, including the NeuVector GitHub security advisory at https://github.com/neuvector/neuvector/security/advisories/GHSA-4jj9-cgqc-x9h5 and the SUSE Bugzilla entry at https://bugzilla.suse.com/show_bug.cgi?id=CVE-2025-66001.