{"id":"GO-2025-4235","summary":"NeuVector OpenID Connect is vulnerable to man-in-the-middle (MITM) in github.com/neuvector/neuvector","details":"NeuVector OpenID Connect is vulnerable to man-in-the-middle (MITM) in github.com/neuvector/neuvector","aliases":["CVE-2025-66001","GHSA-4jj9-cgqc-x9h5"],"modified":"2025-12-15T21:11:11.586559Z","published":"2025-12-15T20:37:41Z","database_specific":{"url":"https://pkg.go.dev/vuln/GO-2025-4235","review_status":"REVIEWED"},"references":[{"type":"ADVISORY","url":"https://github.com/neuvector/neuvector/security/advisories/GHSA-4jj9-cgqc-x9h5"},{"type":"FIX","url":"https://github.com/neuvector/neuvector/commit/955904b5762f296d209bf395a5fcc7a40a53c424"}],"affected":[{"package":{"name":"github.com/neuvector/neuvector","ecosystem":"Go","purl":"pkg:golang/github.com/neuvector/neuvector"},"ranges":[{"type":"SEMVER","events":[{"introduced":"0"}]}],"ecosystem_specific":{"imports":[{"path":"github.com/neuvector/neuvector/controller/kv"}],"custom_ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"5.3.0"},{"fixed":"5.4.8"}]}]},"database_specific":{"source":"https://vuln.go.dev/ID/GO-2025-4235.json"}}],"schema_version":"1.7.3"}