Metrics
Affected Vendors & Products
Solution
No solution given by the vendor.
Workaround
There's no known mitigation for this issue.
Fri, 11 Jul 2025 13:45:00 +0000
Type | Values Removed | Values Added |
---|---|---|
Metrics |
epss
|
epss
|
Mon, 09 Jun 2025 14:15:00 +0000
Type | Values Removed | Values Added |
---|---|---|
Metrics |
ssvc
|
Mon, 09 Jun 2025 06:15:00 +0000
Type | Values Removed | Values Added |
---|---|---|
Description | No description is available for this CVE. | The AuthPolicy metadata on Red Hat Connectivity Link contains an object which stores secretes, however it assumes those secretes are already in the kuadrant-system instead of copying it to the referred namespace. This creates space for a malicious actor with a developer persona access to leak those secrets over HTTP connection, as long the attacker knows the name of the targeted secrets and those secrets are limited to one line only. |
Title | RHCL: sharedSecretRef Can Be Used To Leak Secrets Severity | Rhcl: sharedsecretref can be used to leak secrets severity |
First Time appeared |
Redhat
Redhat connectivity Link |
|
CPEs | cpe:/a:redhat:connectivity_link:1 | |
Vendors & Products |
Redhat
Redhat connectivity Link |
|
References |
|
Tue, 25 Feb 2025 13:45:00 +0000
Type | Values Removed | Values Added |
---|---|---|
Description | No description is available for this CVE. | |
Title | RHCL: sharedSecretRef Can Be Used To Leak Secrets Severity | |
Weaknesses | CWE-200 | |
References |
| |
Metrics |
threat_severity
|
cvssV3_1
|

Status: PUBLISHED
Assigner: redhat
Published:
Updated: 2025-08-30T23:27:10.539Z
Reserved: 2025-02-03T20:02:01.750Z
Link: CVE-2025-25209

Updated: 2025-06-09T13:23:21.446Z

Status : Awaiting Analysis
Published: 2025-06-09T06:15:24.853
Modified: 2025-06-09T12:15:47.880
Link: CVE-2025-25209


No data.