Cyber Resilience

CVE-2025-66001

High

Published: 08 January 2026

Published
08 January 2026
Modified
15 April 2026
KEV Added
Patch
CVSS Score v3.1 8.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
EPSS Score 0.0032 23.7th percentile
Risk Priority 55 floored blend · peak EPSS

Summary

CVE-2025-66001 is a high-severity Improper Certificate Validation (CWE-295) vulnerability in Suse (inferred from references). Its CVSS base score is 8.8 (High).

Operationally, exploitation aligns with the MITRE ATT&CK technique Adversary-in-the-Middle (T1557); ranked at the 23.7th percentile by exploit likelihood (below the median); it is not currently listed in the CISA KEV catalog.

The strongest mitigations our analysis identified are NIST 800-53 IA-13 (Identity Providers and Authorization Servers) and SC-17 (Public Key Infrastructure Certificates).

Deeper analysis

CVE-2025-66001 is a vulnerability in NeuVector, a container security platform, affecting its login authentication mechanism via OpenID Connect. By default, TLS verification—which ensures the authenticity and integrity of the remote OpenID Connect server—is not enforced. This flaw, classified under CWE-295 (Improper Certificate Validation), exposes NeuVector deployments to man-in-the-middle (MITM) attacks and carries a CVSS v3.1 base score of 8.8 (AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H).

Attackers positioned to intercept network traffic between NeuVector and the OpenID Connect provider can exploit this vulnerability without requiring authentication privileges. Exploitation demands low complexity and user interaction, such as a victim user triggering the login process. Successful attacks enable high-impact compromise of confidentiality, integrity, and availability, potentially allowing interception or alteration of authentication data.

Mitigation guidance is available in the official advisories, including the NeuVector GitHub security advisory at https://github.com/neuvector/neuvector/security/advisories/GHSA-4jj9-cgqc-x9h5 and the SUSE Bugzilla entry at https://bugzilla.suse.com/show_bug.cgi?id=CVE-2025-66001.

OWASP Top 10 for Web (2025)

EU & UK References

Vulnerability details

NeuVector supports login authentication through OpenID Connect. However, the TLS verification (which verifies the remote server's authenticity and integrity) for OpenID Connect is not enforced by default. As a result this may expose the system to man-in-the-middle (MITM) attacks.

CWE(s)

Related Threats

MITRE ATT&CK Enterprise TechniquesAI

T1557 Adversary-in-the-Middle Credential Access
Adversaries may attempt to position themselves between two or more networked devices using an adversary-in-the-middle (AiTM) technique to support follow-on behaviors such as [Network Sniffing](https://attack.
Why these techniques?

Missing TLS certificate validation directly enables adversary-in-the-middle attacks against OIDC authentication flows, allowing interception or manipulation of tokens/credentials.

Confidence: HIGH · MITRE ATT&CK Enterprise v19.0

CVEs Like This One

CVE-2026-33810Shared CWE-295
CVE-2026-42012Shared CWE-295
CVE-2025-0500Shared CWE-295
CVE-2024-11621Shared CWE-295
CVE-2025-70043Shared CWE-295
CVE-2026-4396Shared CWE-295
CVE-2026-25160Shared CWE-295
CVE-2026-1530Shared CWE-295
CVE-2025-1193Shared CWE-295
CVE-2025-9293Shared CWE-295

Affected Assets

Suse
inferred from references and description; NVD did not file a CPE for this CVE

Mitigating Controls

Mitigating Controls (NIST 800-53 r5) AI

prevent

Requires authentication of identity providers and authorization servers like OpenID Connect, including TLS certificate verification to prevent MITM attacks.

prevent

Mandates validation of PKI certificates by verifying certification paths to trust anchors, directly mitigating improper certificate validation in TLS for OpenID Connect.

prevent

Enforces cryptographic mechanisms to protect confidentiality and integrity of transmissions, preventing MITM interception and alteration of authentication data to OpenID Connect servers.

References