
CVE-2025-6017: Exposure of Private Personal Information to an Unauthorized Actor in Red Hat Red Hat Advanced Cluster Management for Kubernetes 2

Severity: Medium
Type: Vulnerability (CVE-2025-6017)
Published: Wed Jul 02 2025 (07/02/2025, 06:36:47 UTC)
Source: CVE Database V5
Vendor/Project: Red Hat
Product: Red Hat Advanced Cluster Management for Kubernetes 2

Description

A flaw was found in Red Hat Advanced Cluster Management through versions 2.10, before 2.10.7, 2.11, before 2.11.4, and 2.12, before 2.12.4. This vulnerability allows an unprivileged user to view confidential managed cluster credentials through the UI. This information should only be accessible to authorized users and may result in the loss of confidentiality of administrative information, which could be leaked to unauthorized actors.

AI-Powered Analysis

Last updated: 07/02/2025, 07:09:36 UTC

Technical Analysis

CVE-2025-6017 is a medium-severity vulnerability affecting Red Hat Advanced Cluster Management (ACM) for Kubernetes 2, specifically versions prior to 2.10.7, 2.11.4, and 2.12.4. The flaw allows an unprivileged user, that is, a user with limited permissions who can nonetheless reach the ACM UI, to view confidential managed cluster credentials that should only be accessible to authorized administrators. These credentials typically include sensitive authentication tokens or keys used to manage Kubernetes clusters. The vulnerability arises from improper access control enforcement in the user interface layer, leading to exposure of private personal and administrative information. Exploiting this vulnerability does not require user interaction beyond accessing the UI, and the attacker does not need elevated privileges beyond unprivileged user status. The CVSS v3.1 score is 5.5 (medium), reflecting high confidentiality impact but no impact on integrity or availability. The attack vector is local (AV:L), requiring access to the system or network where the ACM UI is accessible, and the attack complexity is low (AC:L). This vulnerability could lead to unauthorized disclosure of cluster credentials, potentially enabling further attacks such as unauthorized cluster access, lateral movement, or privilege escalation if combined with other vulnerabilities or misconfigurations. No known exploits in the wild have been reported yet, and patches are available in versions 2.10.7, 2.11.4, and 2.12.4 or later.

Potential Impact

For European organizations using Red Hat ACM for Kubernetes, this vulnerability poses a significant risk to the confidentiality of their Kubernetes cluster credentials. Exposure of these credentials could allow unauthorized actors to gain access to managed clusters, potentially leading to data breaches, unauthorized modifications, or disruption of critical cloud-native applications. Given the increasing adoption of Kubernetes for cloud infrastructure and the reliance on Red Hat ACM for centralized cluster management, this vulnerability could affect sectors with high regulatory requirements such as finance, healthcare, and government agencies across Europe. The breach of cluster credentials could also undermine compliance with GDPR and other data protection regulations, leading to legal and reputational consequences. Additionally, attackers leveraging this vulnerability could use the exposed credentials as a foothold for further attacks within the organization’s infrastructure, increasing the overall risk profile.

Mitigation Recommendations

European organizations should immediately verify their Red Hat ACM versions and upgrade to 2.10.7, 2.11.4, 2.12.4, or later to remediate this vulnerability. Beyond patching, organizations should enforce strict role-based access controls (RBAC) within ACM to limit UI access to only trusted administrators. Network segmentation should be applied to restrict access to the ACM UI to trusted internal networks or VPN users. Implementing multi-factor authentication (MFA) for ACM access can further reduce the risk of unauthorized access by unprivileged users. Regular audits of user permissions and monitoring of access logs for anomalous UI access patterns can help detect potential exploitation attempts. Additionally, organizations should consider rotating cluster credentials after patching to invalidate any credentials that may have been exposed prior to remediation. Finally, integrating ACM with centralized secrets management solutions can reduce the risk of credential exposure through the UI.
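The first recommendation above is to verify the ACM version on every hub and compare it with the branch-specific fixed releases. The following script is an added example, not code from the advisory or from Red Hat: it encodes only the three fixed versions the advisory names (2.10.7, 2.11.4, 2.12.4), reports branches the advisory does not mention (such as 2.9) as "unlisted" rather than guessing, and runs over a constructed sample inventory of hub names and versions. Obtaining the real version from a hub (for example from the MultiClusterHub resource via `oc get multiclusterhub -A`) is outside the advisory and is an assumption of this example.

```python
"""Triage Red Hat ACM hub versions against the CVE-2025-6017 fixed releases.

Added example, not part of the advisory. The fixed versions come from the
advisory text; the hub inventory below is constructed sample data.
"""
from __future__ import annotations

import re

# First fixed release per affected branch, as stated in the advisory.
FIXED_IN: dict[tuple[int, int], tuple[int, int, int]] = {
    (2, 10): (2, 10, 7),
    (2, 11): (2, 11, 4),
    (2, 12): (2, 12, 4),
}


def parse_version(text: str) -> tuple[int, int, int]:
    """Parse '2.11.3' or 'v2.11.3' into (2, 11, 3); reject anything else.

    Partial strings such as '2.11' are rejected on purpose: without the patch
    level we cannot say whether the hub is fixed, and a silent default would
    hide exactly the case we are looking for.
    """
    m = re.fullmatch(r"v?(\d+)\.(\d+)\.(\d+)", text.strip())
    if not m:
        raise ValueError(f"unrecognised ACM version string: {text!r}")
    major, minor, patch = (int(p) for p in m.groups())
    return (major, minor, patch)


def assess(text: str) -> str:
    """Return 'vulnerable', 'fixed' or 'unlisted' for one ACM version string."""
    version = parse_version(text)
    branch = (version[0], version[1])
    if branch not in FIXED_IN:
        # Branches the advisory does not name (2.9, 2.13, ...) are not
        # assessed here; they need a separate check against Red Hat's data.
        return "unlisted"
    return "vulnerable" if version < FIXED_IN[branch] else "fixed"


# Constructed sample inventory: hub name -> reported ACM version.
# Real values would come from each hub's MultiClusterHub status (assumption).
SAMPLE_HUBS: dict[str, str] = {
    "hub-eu-west": "2.10.6",     # one patch level short of the fix
    "hub-eu-central": "2.11.4",  # exactly the fixed release
    "hub-lab": "v2.12.3",        # leading 'v' as some tooling prints it
    "hub-legacy": "2.9.5",       # branch not covered by the advisory
}


def triage(hubs: dict[str, str]) -> dict[str, list[str]]:
    """Group hub names by assessment so the set needing upgrade is explicit."""
    groups: dict[str, list[str]] = {"vulnerable": [], "fixed": [], "unlisted": []}
    for name, version in sorted(hubs.items()):
        groups[assess(version)].append(name)
    return groups


if __name__ == "__main__":
    for status, names in triage(SAMPLE_HUBS).items():
        print(f"{status:10s} {', '.join(names) or '-'}")
```

The comparison is done per branch rather than against a single "latest" number because an upgrade within the 2.10 line to 2.10.7 is a fix, while 2.11.3 is still vulnerable despite being numerically higher; a hub that lands in the "vulnerable" group is also the candidate for the credential rotation the advisory recommends after patching.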


Technical Details

Data Version: 5.1
Assigner Short Name: redhat
Date Reserved: 2025-06-11T21:09:21.420Z
CVSS Version: 3.1
State: PUBLISHED

Threat ID: 6864d7a66f40f0eb7291c1c1

Added to database: 7/2/2025, 6:54:30 AM

Last enriched: 7/2/2025, 7:09:36 AM

Last updated: 7/4/2025, 6:02:56 AM

