- Description
- The AuthPolicy metadata on Red Hat Connectivity Link contains an object which stores secretes, however it assumes those secretes are already in the kuadrant-system instead of copying it to the referred namespace. This creates space for a malicious actor with a developer persona access to leak those secrets over HTTP connection, as long the attacker knows the name of the targeted secrets and those secrets are limited to one line only.
- Source
- secalert@redhat.com
- NVD status
- Awaiting Analysis
CVSS 3.1
- Type
- Primary
- Base score
- 5.7
- Impact score
- 4.7
- Exploitability score
- 0.9
- Vector string
- CVSS:3.1/AV:A/AC:L/PR:H/UI:N/S:U/C:H/I:L/A:L
- Severity
- MEDIUM
- secalert@redhat.com
- CWE-200
- Hype score
- Not currently trending
CVE-2025-25209 Secrets Leakage Vulnerability in Red Hat Connectivity Link AuthPolicy Metadata https://t.co/fCNPQuoOXi
@VulmonFeeds
9 Jun 2025
74 Impressions
0 Retweets
1 Like
0 Bookmarks
0 Replies
0 Quotes
CVE-2025-25209 The AuthPolicy metadata on Red Hat Connectivity Link contains an object which stores secretes, however it assumes those secretes are already in the kuadrant-system in… https://t.co/vstItj1m25
@CVEnew
9 Jun 2025
362 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes