CVE-2025-6017 is a vulnerability identified in Red Hat Advanced Cluster Management for Kubernetes 2, affecting versions before 2.10.7, 2.11.4, and 2.12.4. The flaw allows an unprivileged user—meaning a user with limited but authenticated access—to view confidential managed cluster credentials through the product's user interface. These credentials are intended to be accessible only to authorized administrators or users with elevated privileges. The vulnerability arises from insufficient access control enforcement in the UI layer, permitting unauthorized disclosure of sensitive information. The exposed credentials could include tokens, certificates, or other secrets used to manage Kubernetes clusters, which if compromised, could lead to unauthorized cluster access or manipulation. The CVSS v3.1 base score is 5.5, reflecting a medium severity, with the vector indicating local attack vector (AV:L), low attack complexity (AC:L), requiring privileges (PR:L), no user interaction (UI:N), unchanged scope (S:U), high confidentiality impact (C:H), and no impact on integrity or availability (I:N/A:N). No known exploits have been reported in the wild as of the publication date. The vulnerability was publicly disclosed on July 2, 2025, and patches are available in the specified fixed versions. This issue is critical for organizations relying on Red Hat Advanced Cluster Management to securely manage Kubernetes clusters, as leaked credentials could facilitate unauthorized access and potential further compromise of cluster resources.

The primary impact of CVE-2025-6017 is the loss of confidentiality of sensitive managed cluster credentials. Unauthorized access to these credentials can enable attackers or malicious insiders to gain unauthorized control over Kubernetes clusters, potentially leading to data exposure, unauthorized deployment or modification of workloads, and lateral movement within the infrastructure. Although the vulnerability does not directly affect integrity or availability, the compromise of credentials can be a stepping stone to more severe attacks, including privilege escalation and persistent access. Organizations using affected versions of Red Hat Advanced Cluster Management are at risk of credential leakage if unprivileged users can access the UI. This risk is heightened in environments with multiple users or where access controls are not tightly enforced. The absence of known exploits in the wild reduces immediate risk but does not eliminate the threat, especially as attackers may develop exploits following public disclosure. The impact is significant for enterprises relying on Kubernetes for critical workloads, including cloud service providers, financial institutions, government agencies, and large enterprises with complex container orchestration environments.

To mitigate CVE-2025-6017, organizations should promptly upgrade Red Hat Advanced Cluster Management for Kubernetes 2 to versions 2.10.7, 2.11.4, 2.12.4, or later, where the vulnerability is patched. Until patching is complete, restrict UI access to trusted and fully authorized personnel only, employing network segmentation and strict access control policies. Implement role-based access control (RBAC) to ensure users have the minimum necessary privileges, and regularly audit user permissions to detect and revoke unnecessary access. Monitor UI access logs for unusual or unauthorized attempts to view cluster credentials. Employ multi-factor authentication (MFA) for UI access to reduce the risk of compromised accounts being exploited. Additionally, consider using secrets management solutions that provide additional layers of encryption and access control for cluster credentials. Conduct security awareness training for administrators and users to recognize and report suspicious activities. Finally, maintain an incident response plan to quickly address any suspected credential exposure or misuse.