PT-2025-24401 · Red Hat · Red Hat Connectivity Link
Published: 2025-06-09 · Updated: 2025-06-09 · CVE-2025-25209
CVSS v3.1: 5.7 (Medium)
Vector: AV:A/AC:L/PR:H/UI:N/S:U/C:H/I:L/A:L
Name of the Vulnerable Software and Affected Versions
Red Hat Connectivity Link (affected versions not specified)
Description
The AuthPolicy metadata in Red Hat Connectivity Link contains an object that stores secrets. It assumes these secrets already exist in the kuadrant-system namespace instead of copying them to the referred namespace. As a result, a malicious actor with developer persona access can leak those secrets over an HTTP connection, provided the attacker knows the names of the targeted secrets and those secrets are limited to one line only.
Recommendations
At the moment, there is no information about a newer version that contains a fix for this vulnerability.
Information Disclosure
Weakness Enumeration
Related Identifiers
Affected Products
Red Hat Connectivity Link