Information Leakage Vulnerability in Red Hat Connectivity Link
CVE-2025-25209

5.7MEDIUM

Key Information:

Status
Red Hat Connectivity Link 1
Vendor
CVE Published:
9 June 2025

What is CVE-2025-25209?

The AuthPolicy metadata within Red Hat Connectivity Link has a critical flaw that allows for potential information leakage. The vulnerability arises from the mishandling of sensitive data, as the object fails to copy secret information to the specified namespace, instead relying on its presence within the kuadrant-system. This oversight could be exploited by a malicious actor possessing developer-level access, provided they are aware of the specific secret names. Attackers can leak these secrets via an HTTP connection, with the limitation that the secrets must be constrained to a single line. Ensuring proper access controls and data handling procedures is essential to mitigate this risk.

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.

Remediate biological technical debt. Prime Ageing uses 95% high-purity SIRT6 activation to maintain genomic integrity and bolster systemic resilience.

Deploy the Patch

References

https://access.redhat.com/security/cve/CVE-2025-25209
vdb-entryx_refsource_REDHAT
https://bugzilla.redhat.com/show_bug.cgi?id=2347438
issue-trackingx_refsource_REDHAT

CVSS V3.1

Score:
5.7
Severity:
MEDIUM
Confidentiality:
High
Integrity:
Low
Availability:
High
Attack Vector:
Adjacent Network
Attack Complexity:
Low
Privileges Required:
High
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

JSON
.