CVEFinder.io

CVE-2025-6017

🔶 medium
Summary

A flaw was found in Red Hat Advanced Cluster Management through versions 2.10, before 2.10.7, 2.11, before 2.11.4, and 2.12, before 2.12.4. This vulnerability allows an unprivileged user to view confidential managed cluster credentials through the UI. This information should only be accessible to authorized users and may result in the loss of confidentiality of administrative information, which could be leaked to unauthorized actors.

CVSS Score
5.5
Medium
EPSS Score
0.0
Exploit Probability
Published Date
2025-07-02
First Seen: 2026-01-05
Last Modified 2025-08-20
Source NVD 🔗
CVSS Vector 3.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
CWE IDs (Weakness Types)
CWE-359

🔗 References 2

https://access.redhat.com/security/cve/CVE-2025-6017
Vendor Advisory
https://bugzilla.redhat.com/show_bug.cgi?id=2372362
Issue Tracking Vendor Advisory

📦 Affected Products 3

Vendor Product Status Affected Versions
redhat advanced_cluster_management_for_kubernetes Affected
≥ 2.10 < 2.10.7
redhat advanced_cluster_management_for_kubernetes Affected
≥ 2.11 < 2.11.4
redhat advanced_cluster_management_for_kubernetes Affected
≥ 2.12 < 2.12.4

🔗 Related CVEs 6

CVE ID Severity CVSS EPSS Summary Published
CVE-2025-14874 ⚠️ high 7.5 0.1 A flaw was found in Nodemailer. This vulnerability allows a denial of service (DoS) via a crafted email address header t... 2025-12-18
CVE-2023-44487 ⚠️ high 7.5 94.4 The HTTP/2 protocol allows a denial of service (server resource consumption) because request cancellation can reset many... 2023-10-10
CVE-2022-3248 🔶 medium 4.4 0.1 A flaw was found in OpenShift API, as admission checks do not enforce "custom-host" permissions. This issue could allow ... 2023-10-05
CVE-2023-3027 ⚠️ high 7.8 0.0 The grc-policy-propagator allows security escalation within the cluster. The propagator allows policies which contain so... 2023-06-05
CVE-2022-3841 ⚠️ high 7.8 0.1 RHACM: unauthenticated SSRF in console API endpoint. A Server-Side Request Forgery (SSRF) vulnerability was found in the... 2023-01-13
CVE-2022-2238 🔶 medium 6.5 0.7 A vulnerability was found in the search-api container in Red Hat Advanced Cluster Management for Kubernetes when a query... 2022-09-01
These CVEs affect the same products