CVE-2025-6017

A flaw was found in Red Hat Advanced Cluster Management through versions 2.10, before 2.10.7, 2.11, before 2.11.4, and 2.12, before 2.12.4. This vulnerability allows an unprivileged user to view confidential managed cluster credentials through the UI. This information should only be accessible to authorized users and may result in the loss of confidentiality of administrative information, which could be leaked to unauthorized actors.

CVSS v3 5.5 MEDIUM

5.5^/10

CVSS v3 : MEDIUM

Vector :

Exploitability : 1.8 / Impact : 3.6

Attack Vector LOCAL

Attack Complexity LOW

Privileges Required LOW

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact NONE

Availability Impact NONE

Scope UNCHANGED

References

Link	Resource
https://access.redhat.com/security/cve/CVE-2025-6017	Vendor Advisory
https://bugzilla.redhat.com/show_bug.cgi?id=2372362	Issue Tracking Vendor Advisory

Configurations

Configuration 1 (hide)

OR	cpe:2.3:a:redhat:advanced_cluster_management_for_kubernetes::::::::
	cpe:2.3:a:redhat:advanced_cluster_management_for_kubernetes::::::::
	cpe:2.3:a:redhat:advanced_cluster_management_for_kubernetes::::::::

History

20 Aug 2025, 16:33

Type	Values Removed	Values Added
CPE		cpe:2.3:a:redhat:advanced_cluster_management_for_kubernetes::::::::
References	~~() https://access.redhat.com/security/cve/CVE-2025-6017 -~~	() https://access.redhat.com/security/cve/CVE-2025-6017 - Vendor Advisory
References	~~() https://bugzilla.redhat.com/show_bug.cgi?id=2372362 -~~	() https://bugzilla.redhat.com/show_bug.cgi?id=2372362 - Issue Tracking, Vendor Advisory
First Time		Redhat advanced Cluster Management For Kubernetes Redhat

03 Jul 2025, 15:13

Type	Values Removed	Values Added
New CVE

Information

Published : 2025-07-02 07:15

Updated : 2025-08-20 16:33

NVD link : CVE-2025-6017

Mitre link : CVE-2025-6017

CVE.ORG link : CVE-2025-6017

JSON object : View

Products Affected

redhat

advanced_cluster_management_for_kubernetes

CWE

CWE-359

Exposure of Private Personal Information to an Unauthorized Actor

{"id": "CVE-2025-6017", "cveTags": [], "metrics": {"cvssMetricV31": [{"type": "Secondary", "source": "secalert@redhat.com", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 5.5, "attackVector": "LOCAL", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "LOW", "confidentialityImpact": "HIGH"}, "impactScore": 3.6, "exploitabilityScore": 1.8}]}, "published": "2025-07-02T07:15:23.293", "references": [{"url": "https://access.redhat.com/security/cve/CVE-2025-6017", "tags": ["Vendor Advisory"], "source": "secalert@redhat.com"}, {"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2372362", "tags": ["Issue Tracking", "Vendor Advisory"], "source": "secalert@redhat.com"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Secondary", "source": "secalert@redhat.com", "description": [{"lang": "en", "value": "CWE-359"}]}], "descriptions": [{"lang": "en", "value": "A flaw was found in Red Hat Advanced Cluster Management through versions 2.10, before 2.10.7, 2.11, before 2.11.4, and 2.12, before 2.12.4. This vulnerability allows an unprivileged user to view confidential managed cluster credentials through the UI. This information should only be accessible to authorized users and may result in the loss of confidentiality of administrative information, which could be leaked to unauthorized actors."}, {"lang": "es", "value": "Se detect\u00f3 una falla en Red Hat Advanced Cluster Management en las versiones 2.10 (anteriores a la 2.10.7), 2.11 (anteriores a la 2.11.4) y 2.12 (anteriores a la 2.12.4). Esta vulnerabilidad permite a un usuario sin privilegios acceder a las credenciales confidenciales del cl\u00faster administrado a trav\u00e9s de la interfaz de usuario. Esta informaci\u00f3n solo deber\u00eda ser accesible para usuarios autorizados y puede provocar la p\u00e9rdida de confidencialidad de la informaci\u00f3n administrativa, que podr\u00eda filtrarse a usuarios no autorizados."}], "lastModified": "2025-08-20T16:33:58.457", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:redhat:advanced_cluster_management_for_kubernetes:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "344CF216-2E92-488D-A2A7-46AB75008880", "versionEndExcluding": "2.10.7", "versionStartIncluding": "2.10"}, {"criteria": "cpe:2.3:a:redhat:advanced_cluster_management_for_kubernetes:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "B150B262-DB86-41D1-90D5-55E5C3C64B37", "versionEndExcluding": "2.11.4", "versionStartIncluding": "2.11"}, {"criteria": "cpe:2.3:a:redhat:advanced_cluster_management_for_kubernetes:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "25378F99-5C58-4CEF-ABC4-0D61842CA8BA", "versionEndExcluding": "2.12.4", "versionStartIncluding": "2.12"}], "operator": "OR"}]}], "sourceIdentifier": "secalert@redhat.com"}