CVE-2025-6017 is a medium-severity vulnerability affecting Red Hat Advanced Cluster Management (ACM) for Kubernetes 2, specifically versions prior to 2.10.7, 2.11.4, and 2.12.4. The flaw allows an unprivileged user—meaning a user with limited permissions but who can access the ACM UI—to view confidential managed cluster credentials that should only be accessible to authorized administrators. These credentials typically include sensitive authentication tokens or keys used to manage Kubernetes clusters. The vulnerability arises from improper access control enforcement in the user interface layer, leading to exposure of private personal and administrative information. Exploiting this vulnerability does not require user interaction beyond accessing the UI, and the attacker does not need elevated privileges beyond unprivileged user status. The CVSS v3.1 score is 5.5 (medium), reflecting high confidentiality impact but no impact on integrity or availability. The attack vector is local (AV:L), requiring access to the system or network where ACM UI is accessible, and the attack complexity is low (AC:L). This vulnerability could lead to unauthorized disclosure of cluster credentials, potentially enabling further attacks such as unauthorized cluster access, lateral movement, or privilege escalation if combined with other vulnerabilities or misconfigurations. No known exploits in the wild have been reported yet, and patches are available in versions 2.10.7, 2.11.4, and 2.12.4 or later.

For European organizations using Red Hat ACM for Kubernetes, this vulnerability poses a significant risk to the confidentiality of their Kubernetes cluster credentials. Exposure of these credentials could allow unauthorized actors to gain access to managed clusters, potentially leading to data breaches, unauthorized modifications, or disruption of critical cloud-native applications. Given the increasing adoption of Kubernetes for cloud infrastructure and the reliance on Red Hat ACM for centralized cluster management, this vulnerability could affect sectors with high regulatory requirements such as finance, healthcare, and government agencies across Europe. The breach of cluster credentials could also undermine compliance with GDPR and other data protection regulations, leading to legal and reputational consequences. Additionally, attackers leveraging this vulnerability could use the exposed credentials as a foothold for further attacks within the organization’s infrastructure, increasing the overall risk profile.

European organizations should immediately verify their Red Hat ACM versions and upgrade to 2.10.7, 2.11.4, 2.12.4, or later to remediate this vulnerability. Beyond patching, organizations should enforce strict role-based access controls (RBAC) within ACM to limit UI access to only trusted administrators. Network segmentation should be applied to restrict access to the ACM UI to trusted internal networks or VPN users. Implementing multi-factor authentication (MFA) for ACM access can further reduce the risk of unauthorized access by unprivileged users. Regular audits of user permissions and monitoring of access logs for anomalous UI access patterns can help detect potential exploitation attempts. Additionally, organizations should consider rotating cluster credentials after patching to invalidate any credentials that may have been exposed prior to remediation. Finally, integrating ACM with centralized secrets management solutions can reduce the risk of credential exposure through the UI.