
CVE-2025-66001: CWE-295: Improper Certificate Validation in SUSE neuvector

Severity: High
Published: Thu Jan 08 2026 (01/08/2026, 10:23:18 UTC)
Source: CVE Database V5
Vendor/Project: SUSE
Product: neuvector

Description

CVE-2025-66001 is a high-severity vulnerability in SUSE NeuVector version 5.3.0 where TLS verification for OpenID Connect login authentication is not enforced by default. This improper certificate validation (CWE-295) allows attackers to perform man-in-the-middle (MITM) attacks, potentially compromising the confidentiality, integrity, and availability of the system. Exploitation requires no privileges but does require user interaction during login. The vulnerability has a CVSS score of 8.8, indicating high impact with a network attack vector and low attack complexity. No known exploits are currently reported in the wild. European organizations using NeuVector 5.3.

AI-Powered Analysis

Last updated: 01/15/2026, 12:42:13 UTC

Technical Analysis

CVE-2025-66001 identifies a high-severity vulnerability in SUSE NeuVector version 5.3.0 related to improper certificate validation during OpenID Connect login authentication. NeuVector supports OpenID Connect for user authentication, which relies on TLS to ensure the authenticity and integrity of the remote identity provider. In this version, however, TLS verification is not enforced by default, so the product does not properly validate the identity provider's TLS certificate. This flaw corresponds to CWE-295, Improper Certificate Validation.

Without enforced TLS verification, an attacker positioned on the network path between NeuVector and the identity provider can intercept and manipulate authentication traffic, conducting a man-in-the-middle (MITM) attack. This can lead to credential theft, session hijacking, or injection of malicious data, severely impacting the confidentiality, integrity, and availability of the affected system. The vulnerability has a CVSS 3.1 base score of 8.8, reflecting its high severity: network attack vector, no privileges required, but user interaction needed (during login). Although no known exploits have been reported in the wild, the ease of exploitation and the impact make this a significant threat.

The vulnerability affects NeuVector 5.3.0, a container security platform widely used in cloud-native environments for Kubernetes security. The lack of enforced TLS verification in OpenID Connect authentication can undermine the entire security posture of organizations relying on this product for container runtime protection and compliance enforcement. This vulnerability was published on January 8, 2026; no patch links were provided at the time of publication, so it is treated here as unpatched.

Potential Impact

For European organizations, this vulnerability poses a substantial risk to the security of containerized environments protected by NeuVector 5.3.0. Successful exploitation could allow attackers to intercept authentication credentials or tokens, leading to unauthorized access to container security management consoles and potentially the underlying Kubernetes clusters. This can result in data breaches, unauthorized deployment or modification of container workloads, and disruption of critical services. Given the increasing adoption of container orchestration and cloud-native technologies across Europe, especially in sectors like finance, manufacturing, and government, the impact could be widespread. Confidentiality is at high risk due to credential exposure; integrity is compromised by possible unauthorized changes; and availability can be affected if attackers disrupt container operations or security controls. The requirement for user interaction (login) slightly limits automated exploitation but does not significantly reduce risk in environments with frequent administrative access. The absence of enforced TLS verification also undermines compliance with European data protection regulations such as GDPR, which mandate strong security controls to protect personal data.

Mitigation Recommendations

European organizations using NeuVector 5.3.0 should immediately audit their OpenID Connect authentication configurations to ensure TLS certificate verification is explicitly enabled and enforced. If the product allows configuration changes, administrators must disable any options that bypass or ignore TLS validation. Network-level mitigations include deploying strict TLS inspection and enforcing mutual TLS where possible to prevent MITM attacks. Organizations should monitor authentication logs for unusual activity indicative of MITM attempts. Until an official patch is released, consider isolating NeuVector management interfaces behind VPNs or zero-trust network access solutions to reduce exposure. Additionally, implement multi-factor authentication (MFA) for all administrative access to mitigate the impact of credential compromise. Regularly update and patch NeuVector as soon as SUSE releases a fix. Finally, conduct security awareness training for users to recognize suspicious login behaviors and report anomalies promptly.
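The audit step above comes down to one client setting. The following Go program is an added example, not NeuVector's own code or configuration (the page does not name the product's OIDC settings): it contrasts a client that skips certificate verification, as the advisory describes, with one that verifies against the system trust store and one that pins the identity provider's CA, using a constructed `httptest` identity provider with a self-signed certificate.

```go
package main

import (
	"crypto/tls"
	"crypto/x509"
	"encoding/json"
	"fmt"
	"net/http"
	"net/http/httptest"
)

// tlsClient builds the client used to reach the OpenID Connect provider.
// skipVerify=true reproduces the weak default the advisory describes; with
// it false, roots=nil trusts the system store and a non-nil roots pins the CA.
func tlsClient(skipVerify bool, roots *x509.CertPool) *http.Client {
	cfg := &tls.Config{InsecureSkipVerify: skipVerify, RootCAs: roots, MinVersion: tls.VersionTLS12}
	return &http.Client{Transport: &http.Transport{TLSClientConfig: cfg}}
}

// fetchIssuer runs OIDC discovery; with verification on, an untrusted
// certificate fails here before any credential or token is exchanged.
func fetchIssuer(c *http.Client, base string) (string, error) {
	resp, err := c.Get(base + "/.well-known/openid-configuration")
	if err != nil {
		return "", err
	}
	defer resp.Body.Close()
	var doc struct{ Issuer string `json:"issuer"` }
	if err := json.NewDecoder(resp.Body).Decode(&doc); err != nil {
		return "", err
	}
	return doc.Issuer, nil
}

// demo serves a constructed discovery document from an httptest server with a
// self-signed certificate and reports how each client configuration treats it.
func demo() (weakAccepted, strictRejected, pinnedAccepted bool) {
	srv := httptest.NewTLSServer(http.HandlerFunc(func(w http.ResponseWriter, _ *http.Request) {
		w.Write([]byte(`{"issuer":"https://idp.example.test"}`)) // constructed sample
	}))
	defer srv.Close()
	pool := x509.NewCertPool()
	pool.AddCert(srv.Certificate())
	_, errWeak := fetchIssuer(tlsClient(true, nil), srv.URL)
	_, errStrict := fetchIssuer(tlsClient(false, nil), srv.URL)
	_, errPinned := fetchIssuer(tlsClient(false, pool), srv.URL)
	return errWeak == nil, errStrict != nil, errPinned == nil
}

func main() { fmt.Println(demo()) } // prints: true true true
```

The first value shows why the weak setting is dangerous: the client happily completes discovery against a certificate nobody vouched for, which is exactly what a MITM relies on; the other two show that verification, whether against the system store or a pinned CA, stops the exchange before login traffic flows.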


Technical Details

Data Version: 5.2
Assigner Short Name: suse
Date Reserved: 2025-11-19T08:52:54.076Z
CVSS Version: 3.1
State: PUBLISHED

Threat ID: 695f8862c901b06321d89e67

Added to database: 1/8/2026, 10:35:14 AM

Last enriched: 1/15/2026, 12:42:13 PM

Last updated: 2/7/2026, 1:46:45 PM

