CVE-2025-67860: CWE-522: Insufficiently Protected Credentials in SUSE harvester
A vulnerability has been identified in the NeuVector scanner where the scanner process accepts registry and controller credentials as command-line arguments, potentially exposing sensitive credentials to local users.
CVE-2025-67860: CWE-522: Insufficiently Protected Credentials in SUSE harvester
Description
A vulnerability has been identified in the NeuVector scanner where the scanner process accepts registry and controller credentials as command-line arguments, potentially exposing sensitive credentials to local users.
Technical Details
- Data Version
- 5.2
- Assigner Short Name
- suse
- Date Reserved
- 2025-12-12T14:23:59.780Z
- Cvss Version
- 3.1
- State
- PUBLISHED
Threat ID: 699ed1dfb7ef31ef0bfbbf25
Added to database: 2/25/2026, 10:41:35 AM
Last updated: 2/25/2026, 10:41:42 AM
Views: 1
Community Reviews
0 reviewsCrowdsource mitigation strategies, share intel context, and vote on the most helpful responses. Sign in to add your voice and help keep defenders ahead.
Want to contribute mitigation steps or threat intel context? Sign in or create an account to join the community discussion.
Related Threats
CVE-2026-26103: Missing Authorization in Red Hat Red Hat Enterprise Linux 10
HighCVE-2024-22128: CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') in SAP_SE SAP NetWeaver Business Client for HTML
MediumCVE-2026-2410: CWE-352 Cross-Site Request Forgery (CSRF) in themeisle Disable Admin Notices – Hide Dashboard Notifications
MediumCVE-2026-2367: CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') in ays-pro Secure Copy Content Protection and Content Locking
MediumCVE-2026-2301: CWE-862 Missing Authorization in metaphorcreations Post Duplicator
MediumActions
Need more coverage?
Upgrade to Pro Console in Console -> Billing for AI refresh and higher limits.
For incident response and remediation, OffSeq services can help resolve threats faster.