CVE-2025-6017

Rhacm: users with clusterreader role can see credentials from managed-clusters

CVSS 5.5 MEDIUMEPSS 0.1%CWE-359

Vexday Risk Score

13Bajo

Decisión SSVC (CISA)

Track

Sin señal de explotación → monitorear

CVSS 5.5EPSS 0.1%KEV nãoPoC —Nuclei —Metasploit —Patch —

Ciclo de vida

02 jul 2025Publicada en NVD

Recomendación: Monitorear — sin señal de explotación por ahora.

A flaw was found in Red Hat Advanced Cluster Management through versions 2.10, before 2.10.7, 2.11, before 2.11.4, and 2.12, before 2.12.4. This vulnerability allows an unprivileged user to view confidential managed cluster credentials through the UI. This information should only be accessible to authorized users and may result in the loss of confidentiality of administrative information, which could be leaked to unauthorized actors.

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

Productos afectados

ocmRed Hat · Red Hat Advanced Cluster Management for Kubernetes 2

¿Quieres saber si tu infraestructura está expuesta a esto?

Hablar con TrueHacking →

Referencias

https://access.redhat.com/security/cve/CVE-2025-6017 https://bugzilla.redhat.com/show_bug.cgi?id=2372362