vCenter Credential Exposure in Multicluster Engine and Advanced Cluster Management
CVE-2025-2241

8.2 HIGH

What is CVE-2025-2241?

A significant flaw has been identified in Hive, part of the Multicluster Engine (MCE) and Advanced Cluster Management (ACM): after a vSphere cluster is provisioned, vCenter credentials are exposed in the ClusterProvision object. Users with read access to ClusterProvision objects can extract these sensitive vCenter credentials even without direct access to Kubernetes Secrets. The flaw poses a risk of unauthorized vCenter access, cluster management compromise, and privilege escalation.
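An added example, not part of this advisory or of the Hive project: since the exposure is reachable by anyone who can read ClusterProvision objects, this script lists the subjects holding that access from an RBAC dump. The API group `hive.openshift.io`, the resource name `clusterprovisions`, and every role, binding and subject name in the sample are assumptions.

```python
import json, sys

# Assumption: Hive's CRD is clusterprovisions in API group hive.openshift.io;
# confirm with `kubectl api-resources | grep -i clusterprovision`.
GROUP, RESOURCE = "hive.openshift.io", "clusterprovisions"
READ_VERBS = {"get", "list", "watch", "*"}

def rule_grants_read(rule):
    """True if a single RBAC rule allows reading ClusterProvision objects."""
    return (any(g in ("*", GROUP) for g in rule.get("apiGroups", []))
            and any(r in ("*", RESOURCE) for r in rule.get("resources", []))
            and bool(READ_VERBS & set(rule.get("verbs", []))))

def readers(items):
    """Sorted (subject kind, subject name, scope) tuples that can read ClusterProvisions."""
    risky = {(o["kind"], o["metadata"].get("namespace", ""), o["metadata"]["name"])
             for o in items if o["kind"] in ("ClusterRole", "Role")
             and any(rule_grants_read(r) for r in o.get("rules") or [])}
    found = set()
    for o in items:
        if o["kind"] not in ("ClusterRoleBinding", "RoleBinding"):
            continue
        ref, ns = o["roleRef"], o["metadata"].get("namespace", "")
        role_ns = ns if ref["kind"] == "Role" else ""  # ClusterRoles have no namespace
        if (ref["kind"], role_ns, ref["name"]) in risky:
            for s in o.get("subjects") or []:
                found.add((s["kind"], s["name"], ns or "cluster-wide"))
    return sorted(found)

def role(name, resources, verbs, group=GROUP):
    return {"kind": "ClusterRole", "metadata": {"name": name},
            "rules": [{"apiGroups": [group], "resources": resources, "verbs": verbs}]}

def binding(kind, name, role_name, subject, ns=None):
    meta = {"name": name, **({"namespace": ns} if ns else {})}
    return {"kind": kind, "metadata": meta, "subjects": [subject],
            "roleRef": {"kind": "ClusterRole", "name": role_name}}

# Constructed sample; all role, binding and subject names are made up.
SAMPLE = [
    role("hive-viewer", ["clusterdeployments", "clusterprovisions"], ["get", "list"]),
    role("cp-creator", ["clusterprovisions"], ["create"]),
    role("pod-viewer", ["pods"], ["get"], group=""),
    binding("ClusterRoleBinding", "devs-hive", "hive-viewer", {"kind": "Group", "name": "dev-team"}),
    binding("RoleBinding", "alice-hive", "hive-viewer", {"kind": "User", "name": "alice"}, ns="cluster-a"),
    binding("ClusterRoleBinding", "bob-pods", "pod-viewer", {"kind": "User", "name": "bob"}),
]

if __name__ == "__main__":
    # Real input: kubectl get clusterroles,roles,clusterrolebindings,rolebindings -A -o json > rbac.json
    items = json.load(open(sys.argv[1]))["items"] if len(sys.argv) > 1 else SAMPLE
    for kind, name, scope in readers(items):
        print(f"{kind}/{name} can read ClusterProvision objects ({scope})")
```

Subjects reported here that are not also trusted with the vCenter Secret are the ones whose access the description's "even without direct access to Kubernetes Secrets" applies to.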

CVSS V3.1

Score: 8.2
Severity: HIGH
Confidentiality: High
Integrity: High
Availability: High
Attack Vector: Network
Attack Complexity: High
Privileges Required: Low
User Interaction: None
Scope: Changed

Timeline

  • Vulnerability published