CVE-2025-6017
BaseFortify
Publication date: 2025-07-02
Last updated on: 2025-08-20
Assigner: Red Hat, Inc.
Description
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| redhat | advanced_cluster_management_for_kubernetes | From 2.10 (inc) to 2.10.7 (exc) |
| redhat | advanced_cluster_management_for_kubernetes | From 2.11 (inc) to 2.11.4 (exc) |
| redhat | advanced_cluster_management_for_kubernetes | From 2.12 (inc) to 2.12.4 (exc) |
Exploitability
| CWE ID | Description |
|---|---|
| CWE-359 | The product does not properly prevent a person's private, personal information from being accessed by actors who either (1) are not explicitly authorized to access the information or (2) do not have the implicit consent of the person about whom the information is collected. |
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability in Red Hat Advanced Cluster Management allows an unprivileged user to view confidential managed cluster credentials through the user interface. These credentials should only be accessible to authorized users, so this flaw exposes sensitive administrative information to unauthorized users.
How can this vulnerability impact me?
The impact of this vulnerability is the potential loss of confidentiality of administrative credentials. Unauthorized users gaining access to these credentials could lead to unauthorized access or control over managed clusters, increasing the risk of further security breaches.
How does this vulnerability affect compliance with common standards and regulations (like GDPR, HIPAA)?
This vulnerability could negatively affect compliance with standards and regulations that require protection of sensitive information, such as GDPR and HIPAA, because it allows unauthorized disclosure of confidential administrative credentials, potentially leading to data breaches.