CVE-2025-6017

MEDIUM

Red Hat Advanced Cluster Management <2.10.7-2.12.4 - Info Disclosure

Title source: llm

Description

A flaw was found in Red Hat Advanced Cluster Management through versions 2.10, before 2.10.7, 2.11, before 2.11.4, and 2.12, before 2.12.4. This vulnerability allows an unprivileged user to view confidential managed cluster credentials through the UI. This information should only be accessible to authorized users and may result in the loss of confidentiality of administrative information, which could be leaked to unauthorized actors.

References (2)

[Vendor Advisory] https://access.redhat.com/security/cve/CVE-2025-6017

[Issue Tracking, Vendor Advisory] https://bugzilla.redhat.com/show_bug.cgi?id=2372362

Scores

CVSS v3 5.5

EPSS 0.0007

EPSS Percentile 21.6%

Attack Vector LOCAL

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

CISA SSVC

Vulnrichment

Exploitation none

Automatable no

Technical Impact partial

Details

CWE

CWE-359

Status published

Products (1)

redhat/advanced_cluster_management_for_kubernetes 2.10 - 2.10.7

Published Jul 02, 2025

Tracked Since Feb 18, 2026