CVE-2025-6017: Exposure of Private Personal Information to an Unauthorized Actor in Red Hat Red Hat Advanced Cluster Management for Kubernetes 2
A flaw was found in Red Hat Advanced Cluster Management through versions 2.10, before 2.10.7, 2.11, before 2.11.4, and 2.12, before 2.12.4. This vulnerability allows an unprivileged user to view confidential managed cluster credentials through the UI. This information should only be accessible to authorized users and may result in the loss of confidentiality of administrative information, which could be leaked to unauthorized actors.
AI Analysis
Technical Summary
CVE-2025-6017 is a medium-severity vulnerability in Red Hat Advanced Cluster Management (ACM) for Kubernetes 2, affecting the 2.10, 2.11 and 2.12 streams before 2.10.7, 2.11.4 and 2.12.4 respectively. The flaw allows an unprivileged user, that is, a user with limited permissions who can nevertheless reach the ACM UI, to view confidential managed cluster credentials that should be visible only to authorized administrators. These credentials typically include authentication tokens or keys used to manage Kubernetes clusters. The root cause is improper access control enforcement in the user interface layer, which exposes private personal and administrative information. Exploitation requires no user interaction beyond accessing the UI, and the attacker needs no privileges beyond an unprivileged user account. The CVSS v3.1 score is 5.5 (medium), reflecting high confidentiality impact with no impact on integrity or availability. The attack vector is local (AV:L), requiring access to the system or network where the ACM UI is reachable, and the attack complexity is low (AC:L). Disclosure of cluster credentials could enable further attacks such as unauthorized cluster access, lateral movement, or privilege escalation when combined with other vulnerabilities or misconfigurations. No exploits in the wild have been reported, and fixes are available in versions 2.10.7, 2.11.4, and 2.12.4 or later.
Potential Impact
For European organizations using Red Hat ACM for Kubernetes, this vulnerability poses a significant risk to the confidentiality of their Kubernetes cluster credentials. Exposure of these credentials could allow unauthorized actors to gain access to managed clusters, potentially leading to data breaches, unauthorized modifications, or disruption of critical cloud-native applications. Given the increasing adoption of Kubernetes for cloud infrastructure and the reliance on Red Hat ACM for centralized cluster management, this vulnerability could affect sectors with high regulatory requirements such as finance, healthcare, and government agencies across Europe. The breach of cluster credentials could also undermine compliance with GDPR and other data protection regulations, leading to legal and reputational consequences. Additionally, attackers leveraging this vulnerability could use the exposed credentials as a foothold for further attacks within the organization’s infrastructure, increasing the overall risk profile.
Mitigation Recommendations
European organizations should immediately verify their Red Hat ACM versions and upgrade to 2.10.7, 2.11.4, 2.12.4, or later to remediate this vulnerability. Beyond patching, organizations should enforce strict role-based access controls (RBAC) within ACM to limit UI access to only trusted administrators. Network segmentation should be applied to restrict access to the ACM UI to trusted internal networks or VPN users. Implementing multi-factor authentication (MFA) for ACM access can further reduce the risk of unauthorized access by unprivileged users. Regular audits of user permissions and monitoring of access logs for anomalous UI access patterns can help detect potential exploitation attempts. Additionally, organizations should consider rotating cluster credentials after patching to invalidate any credentials that may have been exposed prior to remediation. Finally, integrating ACM with centralized secrets management solutions can reduce the risk of credential exposure through the UI.
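As an added example (not part of the advisory or of Red Hat's tooling), the following Python script carries out the first mitigation step, comparing the ACM version of each hub cluster against the fixed releases named above; the hub inventory is constructed sample data, and reading the version from the MultiClusterHub resource's status is an assumption noted in the comments.

```python
"""Check Red Hat ACM versions against the CVE-2025-6017 fixed releases.

Fixed releases per the advisory: 2.10.7, 2.11.4 and 2.12.4. Earlier
z-streams of 2.10/2.11/2.12 are affected. Other streams are reported as
'not listed' rather than guessed at.
"""
from typing import Dict, Tuple

# Minor stream (major, minor) -> first patched release, taken from the advisory.
FIXED_RELEASES: Dict[Tuple[int, int], Tuple[int, int, int]] = {
    (2, 10): (2, 10, 7),
    (2, 11): (2, 11, 4),
    (2, 12): (2, 12, 4),
}


def parse_version(text: str) -> Tuple[int, int, int]:
    """Parse 'v2.11.3', '2.11.3' or '2.11' into (x, y, z); a missing z is 0."""
    text = text.strip().lstrip("vV")
    parts = text.split(".")
    if not 2 <= len(parts) <= 3 or not all(p.isdigit() for p in parts):
        raise ValueError(f"unrecognised ACM version string: {text!r}")
    nums = [int(p) for p in parts] + [0] * (3 - len(parts))
    return nums[0], nums[1], nums[2]


def assessment(version: str) -> str:
    """Return 'affected', 'fixed' or 'not listed' for CVE-2025-6017."""
    v = parse_version(version)
    fixed = FIXED_RELEASES.get(v[:2])
    if fixed is None:
        return "not listed"
    return "affected" if v < fixed else "fixed"


def main() -> None:
    # Constructed sample inventory; in practice the version string would be
    # read from each hub's MultiClusterHub resource (assumed: status.currentVersion).
    inventory = {
        "hub-eu-west": "2.11.3",
        "hub-eu-central": "2.12.4",
        "hub-lab": "v2.10.7",
        "hub-legacy": "2.9.2",
    }
    for name, ver in inventory.items():
        print(f"{name}: ACM {ver} -> {assessment(ver)}")


if __name__ == "__main__":
    main()
```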
Affected Countries
Germany, France, United Kingdom, Netherlands, Sweden, Finland, Belgium, Italy, Spain
Technical Details
- Data Version: 5.1
- Assigner Short Name: redhat
- Date Reserved: 2025-06-11T21:09:21.420Z
- CVSS Version: 3.1
- State: PUBLISHED
Threat ID: 6864d7a66f40f0eb7291c1c1
Added to database: 7/2/2025, 6:54:30 AM
Last enriched: 7/2/2025, 7:09:36 AM
Last updated: 7/4/2025, 6:02:56 AM