CVE-2025-6017 is a medium-severity vulnerability identified in Red Hat Advanced Cluster Management (RHACM) for Kubernetes versions prior to 2.10.7, 2.11.4, and 2.12.4. The flaw allows an unprivileged user—meaning someone with limited access rights—to view confidential managed cluster credentials through the RHACM user interface. These credentials are intended to be accessible only by authorized administrators or privileged users managing Kubernetes clusters. The exposure occurs due to insufficient access control enforcement in the UI layer, enabling unauthorized actors to retrieve sensitive administrative information. This vulnerability impacts the confidentiality of the system but does not affect integrity or availability. The CVSS 3.1 base score is 5.5, reflecting a medium severity with the vector AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N, indicating local attack vector, low attack complexity, requiring privileges, no user interaction, unchanged scope, and high confidentiality impact. Exploitation does not require user interaction but does require some level of privileges, which suggests that attackers with limited access could escalate their visibility into cluster credentials. Since these credentials often provide broad administrative access to managed Kubernetes clusters, their exposure can lead to further compromise of cluster resources and workloads. No known exploits are currently reported in the wild, and no patches or mitigations are linked yet, indicating this is a newly disclosed vulnerability. Organizations using RHACM should prioritize reviewing access controls and applying updates once available.

For European organizations, this vulnerability poses a significant risk to the confidentiality of Kubernetes cluster management credentials. Many enterprises and public sector entities in Europe rely on Kubernetes for container orchestration and use RHACM to centrally manage multiple clusters. Exposure of cluster credentials could allow attackers to gain unauthorized administrative access, potentially leading to data breaches, lateral movement within cloud or hybrid environments, and disruption of critical services. Given the increasing adoption of Kubernetes in sectors such as finance, healthcare, and government across Europe, the impact could be substantial if exploited. Confidentiality loss could also lead to regulatory non-compliance under GDPR, resulting in legal and financial penalties. The vulnerability's requirement for some privilege level reduces the risk from external attackers but raises concerns about insider threats or compromised accounts within organizations.

Immediate mitigation steps include restricting access to the RHACM UI strictly to trusted administrators and implementing strong role-based access controls (RBAC) to limit user privileges. Organizations should audit current user permissions to ensure no unnecessary privileges are granted. Network segmentation and multi-factor authentication (MFA) for accessing management consoles can reduce the risk of unauthorized access. Monitoring and logging access to the RHACM UI should be enhanced to detect anomalous behavior. Since no patches are currently linked, organizations should stay alert for official Red Hat updates and apply them promptly once released. Additionally, consider using temporary credential rotation policies for managed clusters to limit the window of exposure if credentials are leaked. Employing secrets management tools and minimizing credential exposure in UI components can also help reduce risk.