CVE-2025-2241

Name of the Vulnerable Software and Affected Versions Hive versions (affected versions not specified)

Description A flaw in Hive, a component of Multicluster Engine (MCE) and Advanced Cluster Management (ACM), causes VCenter credentials to be exposed in the ClusterProvision object after provisioning a VSphere cluster. Users with read access to ClusterProvision objects can extract sensitive credentials, leading to unauthorized VCenter access, cluster management, and privilege escalation.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.