
CVE-2025-6017: Exposure of Private Personal Information to an Unauthorized Actor

Severity: Medium
Published: Wed Jul 02 2025 (07/02/2025, 06:36:47 UTC)
Source: CVE Database V5
Vendor/Project: Red Hat
Product: Red Hat Advanced Cluster Management for Kubernetes 2

Description

A flaw was found in Red Hat Advanced Cluster Management through versions 2.10, before 2.10.7, 2.11, before 2.11.4, and 2.12, before 2.12.4. This vulnerability allows an unprivileged user to view confidential managed cluster credentials through the UI. This information should only be accessible to authorized users and may result in the loss of confidentiality of administrative information, which could be leaked to unauthorized actors.

AI-Powered Analysis

AI analysis last updated: 09/26/2025, 00:40:32 UTC

Technical Analysis

CVE-2025-6017 is a medium-severity vulnerability identified in Red Hat Advanced Cluster Management (RHACM) for Kubernetes versions up to but not including 2.10.7, 2.11.4, and 2.12.4. The flaw allows a low-privileged user (PR:L) to access confidential managed cluster credentials via the product's user interface without requiring any user interaction (UI:N). Specifically, the vulnerability exposes private personal information, namely administrative credentials for managed Kubernetes clusters, that should only be accessible to authorized users. The vulnerability arises from insufficient access control enforcement in the UI layer, permitting unauthorized viewing of sensitive data.

Although the attack vector is local (AV:L), meaning the attacker must already have some level of access to the system or network, the impact on confidentiality is high (C:H), since exposure of cluster credentials can lead to unauthorized access to the managed clusters themselves. The vulnerability does not affect integrity or availability directly (I:N, A:N). No known exploits are currently reported in the wild, and no patches or mitigation links were provided at the time of publication. The CVSS 3.1 score of 5.5 reflects the medium severity, balancing the high confidentiality impact against the local attack vector and the privileges required.

Potential Impact

For European organizations using Red Hat Advanced Cluster Management for Kubernetes, this vulnerability poses a significant risk to the confidentiality of their Kubernetes cluster credentials. Unauthorized access to these credentials could allow attackers to gain control over managed clusters, potentially leading to further lateral movement, data exfiltration, or disruption of critical cloud-native applications. Given the widespread adoption of Kubernetes and Red Hat solutions in Europe, especially among enterprises and public sector organizations, the exposure of administrative credentials could undermine trust in managed infrastructure and result in compliance violations under GDPR due to unauthorized access to personal data processed within the clusters. The local attack vector implies that attackers would need some level of access to the environment, which could be achieved through compromised internal accounts or insider threats. The absence of integrity and availability impact reduces the risk of direct service disruption but does not diminish the severity of credential exposure. Organizations relying on RHACM for multi-cluster management should consider this vulnerability a priority for remediation to prevent unauthorized cluster access and potential downstream impacts.

Mitigation Recommendations

1. Immediate upgrade: Organizations should promptly update Red Hat Advanced Cluster Management to versions 2.10.7, 2.11.4, 2.12.4, or later, where this vulnerability has been addressed.
2. Access control review: Conduct a thorough audit of user privileges within RHACM to ensure that only trusted and necessary users have access to the management UI, minimizing the risk of unprivileged users exploiting this flaw.
3. Network segmentation: Restrict access to the RHACM UI to trusted internal networks or VPNs to reduce the attack surface for local attackers.
4. Monitoring and alerting: Implement monitoring for unusual access patterns or attempts to access cluster credentials within RHACM logs and Kubernetes audit logs to detect potential exploitation attempts early.
5. Credential rotation: After patching, rotate all exposed cluster credentials to invalidate any potentially compromised secrets.
6. Implement strong authentication: Enforce multi-factor authentication (MFA) for all users accessing the RHACM UI to reduce the risk of unauthorized access.
7. Least privilege principle: Apply strict role-based access control (RBAC) policies within Kubernetes and RHACM to limit credential exposure and access scope.
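One way to implement the monitoring step (item 4) over Kubernetes audit logs, as an added example that is not part of this advisory or of Red Hat's product: it flags successful reads of managed-cluster credential secrets by users who are not in an allowed admin group. The audit events are constructed, and the `-admin-kubeconfig` / `-admin-password` secret-name pattern is an assumption about how such credentials are named, not something the advisory states.

```python
import json

# Constructed sample of Kubernetes audit events (audit.k8s.io/v1, one JSON object per line).
# The "<cluster>-admin-kubeconfig" / "<cluster>-admin-password" names are an ASSUMED
# naming convention for managed-cluster credential secrets, not taken from the advisory.
SAMPLE_AUDIT_LOG = "\n".join(json.dumps(e) for e in [
    {"stage": "ResponseComplete", "verb": "get", "responseStatus": {"code": 200},
     "user": {"username": "acm-admin", "groups": ["system:authenticated", "cluster-admins"]},
     "objectRef": {"resource": "secrets", "namespace": "prod-east", "name": "prod-east-admin-kubeconfig"}},
    {"stage": "ResponseComplete", "verb": "get", "responseStatus": {"code": 200},
     "user": {"username": "dev-bob", "groups": ["system:authenticated"]},
     "objectRef": {"resource": "secrets", "namespace": "prod-east", "name": "prod-east-admin-kubeconfig"}},
    {"stage": "ResponseComplete", "verb": "get", "responseStatus": {"code": 200},
     "user": {"username": "dev-bob", "groups": ["system:authenticated"]},
     "objectRef": {"resource": "secrets", "namespace": "prod-east", "name": "app-tls-cert"}},
    {"stage": "ResponseComplete", "verb": "list", "responseStatus": {"code": 200},
     "user": {"username": "dev-carol", "groups": ["system:authenticated"]},
     "objectRef": {"resource": "secrets", "namespace": "prod-west"}},
    {"stage": "ResponseComplete", "verb": "get", "responseStatus": {"code": 403},
     "user": {"username": "dev-dave", "groups": ["system:authenticated"]},
     "objectRef": {"resource": "secrets", "namespace": "prod-west", "name": "prod-west-admin-password"}},
    {"stage": "RequestReceived", "verb": "get",
     "user": {"username": "dev-bob", "groups": ["system:authenticated"]},
     "objectRef": {"resource": "secrets", "namespace": "prod-east", "name": "prod-east-admin-kubeconfig"}},
])

CREDENTIAL_SUFFIXES = ("-admin-kubeconfig", "-admin-password")
READ_VERBS = {"get", "list", "watch"}


def find_credential_reads(audit_text, allowed_groups):
    """Return (user, verb, namespace, secret) for successful credential-secret reads by non-allowed users."""
    findings = []
    for line in filter(None, audit_text.splitlines()):
        ev = json.loads(line)
        # Only the completed stage carries the response code; RequestReceived would double count.
        if ev.get("stage") != "ResponseComplete" or ev.get("verb") not in READ_VERBS:
            continue
        ref = ev.get("objectRef") or {}
        if ref.get("resource") != "secrets" or ev.get("responseStatus", {}).get("code", 0) >= 400:
            continue  # not a secret, or RBAC denied the request (nothing was disclosed)
        name = ref.get("name", "")
        # A list/watch carries no name and returns every secret in the namespace, so it stays in scope.
        if name and not name.endswith(CREDENTIAL_SUFFIXES):
            continue
        user = ev.get("user", {})
        if allowed_groups.intersection(user.get("groups", [])):
            continue
        findings.append((user.get("username"), ev["verb"], ref.get("namespace"), name or "*"))
    return findings
```

Run against real audit output by feeding the file contents to `find_credential_reads` with the groups that are genuinely entitled to the credentials; each returned tuple is an event worth correlating with the RHACM UI access logs.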


Technical Details

Data Version: 5.1
Assigner Short Name: redhat
Date Reserved: 2025-06-11T21:09:21.420Z
CVSS Version: 3.1
State: PUBLISHED

Threat ID: 6864d7a66f40f0eb7291c1c1

Added to database: 7/2/2025, 6:54:30 AM

Last enriched: 9/26/2025, 12:40:32 AM

Last updated: 10/1/2025, 2:13:17 AM
