← Back to CVEs
CVE-2025-25209
MEDIUM5.7
Description
The AuthPolicy metadata on Red Hat Connectivity Link contains an object which stores secretes, however it assumes those secretes are already in the kuadrant-system instead of copying it to the referred namespace. This creates space for a malicious actor with a developer persona access to leak those secrets over HTTP connection, as long the attacker knows the name of the targeted secrets and those secrets are limited to one line only.
CVE Details
CVSS v3.1 Score5.7
SeverityMEDIUM
CVSS VectorCVSS:3.1/AV:A/AC:L/PR:H/UI:N/S:U/C:H/I:L/A:L
Attack VectorADJACENT_NETWORK
ComplexityLOW
Privileges RequiredHIGH
User InteractionNONE
Published6/9/2025
Last Modified6/9/2025
Sourcenvd
Honeypot Sightings0
Weaknesses (CWE)
CWE-200
References
https://access.redhat.com/security/cve/CVE-2025-25209(secalert@redhat.com)
https://bugzilla.redhat.com/show_bug.cgi?id=2347438(secalert@redhat.com)
IOC Correlations
No correlations recorded
This product uses data from the NVD API but is not endorsed or certified by the NVD.