CVE-2025-6017

Rhacm: users with clusterreader role can see credentials from managed-clusters

CVSS 5.5 MEDIUMEPSS 0.1%CWE-359

Vexday Risk Score

13Baixo

Decisão SSVC (CISA)

Track

Sem sinal de exploração → monitorar

CVSS 5.5EPSS 0.1%KEV nãoPoC —Nuclei —Metasploit —Patch —

Ciclo de vida

02 jul 2025Publicada no NVD

Recomendação: Monitorar — sem sinal de exploração no momento.

A flaw was found in Red Hat Advanced Cluster Management through versions 2.10, before 2.10.7, 2.11, before 2.11.4, and 2.12, before 2.12.4. This vulnerability allows an unprivileged user to view confidential managed cluster credentials through the UI. This information should only be accessible to authorized users and may result in the loss of confidentiality of administrative information, which could be leaked to unauthorized actors.

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

Produtos afetados

ocmRed Hat · Red Hat Advanced Cluster Management for Kubernetes 2

Quer saber se a sua infraestrutura está exposta a isto?

Falar com a TrueHacking →

Referências

https://access.redhat.com/security/cve/CVE-2025-6017 https://bugzilla.redhat.com/show_bug.cgi?id=2372362