← voltar
CVE-2025-25209

Rhcl: sharedsecretref can be used to leak secrets severity

CVSS 5.7 MEDIUMEPSS 0.2%CWE-200
Vexday Risk Score
13Baixo
Decisão SSVC (CISA)
Track
Sem sinal de exploração → monitorar
CVSS 5.7EPSS 0.2%KEV nãoPoC Nuclei Metasploit Patch
Ciclo de vida
09 jun 2025Publicada no NVD
Recomendação: Monitorar — sem sinal de exploração no momento.
The AuthPolicy metadata on Red Hat Connectivity Link contains an object which stores secretes, however it assumes those secretes are already in the kuadrant-system instead of copying it to the referred namespace. This creates space for a malicious actor with a developer persona access to leak those secrets over HTTP connection, as long the attacker knows the name of the targeted secrets and those secrets are limited to one line only.
CVSS:3.1/AV:A/AC:L/PR:H/UI:N/S:U/C:H/I:L/A:L
Produtos afetados
rhcl-operator-containerRed Hat · Red Hat Connectivity Link 1