CVE-2025-6017

A flaw was found in Red Hat Advanced Cluster Management through versions 2.10, before 2.10.7, 2.11, before 2.11.4, and 2.12, before 2.12.4. This vulnerability allows an unprivileged user to view confidential managed cluster credentials through the UI. This information should only be accessible to authorized users and may result in the loss of confidentiality of administrative information, which could be leaked to unauthorized actors.

CVSS v3 5.5 MEDIUM

5.5^/10

CVSS v3 : MEDIUM

V3 Legend

Vector :

Exploitability : 1.8 / Impact : 3.6

Attack Vector LOCAL

Attack Complexity LOW

Privileges Required LOW

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact NONE

Availability Impact NONE

Scope UNCHANGED

References

Link	Resource
https://access.redhat.com/security/cve/CVE-2025-6017
https://bugzilla.redhat.com/show_bug.cgi?id=2372362

Configurations

No configuration.

History

03 Jul 2025, 15:13

Type	Values Removed	Values Added
Summary		(es) Se detectó una falla en Red Hat Advanced Cluster Management en las versiones 2.10 (anteriores a la 2.10.7), 2.11 (anteriores a la 2.11.4) y 2.12 (anteriores a la 2.12.4). Esta vulnerabilidad permite a un usuario sin privilegios acceder a las credenciales confidenciales del clúster administrado a través de la interfaz de usuario. Esta información solo debería ser accesible para usuarios autorizados y puede provocar la pérdida de confidencialidad de la información administrativa, que podría filtrarse a usuarios no autorizados.

02 Jul 2025, 07:15

Type	Values Removed	Values Added
New CVE

Information

Published : 2025-07-02 07:15

Updated : 2025-07-03 15:13

NVD link : CVE-2025-6017

Mitre link : CVE-2025-6017

CVE.ORG link : CVE-2025-6017

JSON object : View

Products Affected

No product.

CWE

CWE-359

Exposure of Private Personal Information to an Unauthorized Actor

5.5 /10