CVE-2025-6017 is a vulnerability identified in Red Hat Advanced Cluster Management (ACM) for Kubernetes 2, affecting versions up to but not including 2.10.7, 2.11.4, and 2.12.4. The flaw allows an unprivileged user—meaning a user with limited permissions—to view confidential managed cluster credentials through the ACM user interface. These credentials are intended only for authorized users, as they provide access to managed Kubernetes clusters. The vulnerability arises from insufficient access control enforcement in the UI layer, permitting unauthorized disclosure of sensitive information. The CVSS v3.1 score is 5.5 (medium severity), reflecting the vulnerability's impact on confidentiality (high), with no impact on integrity or availability. The attack vector is local (AV:L), requiring low complexity (AC:L) and low privileges (PR:L), but no user interaction (UI:N). The scope remains unchanged (S:U), indicating the vulnerability affects only the vulnerable component. Although no known exploits are currently reported in the wild, the exposure of cluster credentials could facilitate lateral movement or privilege escalation within Kubernetes environments if exploited. The vulnerability is particularly critical in environments where Red Hat ACM manages multiple clusters with sensitive workloads or regulated data. Given the central role of ACM in cluster lifecycle management, unauthorized access to credentials could undermine the security posture of entire Kubernetes deployments.

For European organizations, this vulnerability poses a significant risk to the confidentiality of Kubernetes cluster credentials, potentially enabling unauthorized actors to gain access to managed clusters. This could lead to data breaches, unauthorized deployment of malicious workloads, or disruption of critical services. Organizations in sectors such as finance, healthcare, telecommunications, and government, which heavily rely on Kubernetes for container orchestration and have stringent data protection requirements under GDPR, are particularly vulnerable. The exposure of credentials could also facilitate supply chain attacks or lateral movement within enterprise networks. Since the vulnerability requires only low privileges and no user interaction, insider threats or compromised low-privilege accounts could exploit this flaw to escalate access. The medium severity rating suggests that while the vulnerability is not immediately catastrophic, the potential for significant confidentiality loss warrants prompt remediation. The absence of known exploits in the wild provides a window for proactive defense, but the risk remains high given the sensitive nature of the exposed information.

European organizations should immediately upgrade Red Hat Advanced Cluster Management for Kubernetes 2 to versions 2.10.7, 2.11.4, or 2.12.4 or later, where the vulnerability is patched. Until patching is complete, restrict UI access strictly to trusted and authorized personnel using network segmentation and access control lists. Implement robust Role-Based Access Control (RBAC) policies to limit user permissions to the minimum necessary, preventing unprivileged users from accessing sensitive UI components. Enable detailed auditing and monitoring of UI access logs to detect any unauthorized attempts to view cluster credentials. Consider deploying additional security layers such as multi-factor authentication (MFA) for accessing the ACM UI. Conduct regular security assessments and penetration testing focused on Kubernetes management interfaces to identify and remediate similar issues. Educate administrators and users about the risks of credential exposure and enforce strict credential management policies, including regular rotation of cluster credentials. Finally, maintain an incident response plan tailored to Kubernetes environments to quickly address potential compromises stemming from this vulnerability.