{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2025-25209", "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "state": "PUBLISHED", "assignerShortName": "redhat", "dateReserved": "2025-02-03T20:02:01.750Z", "datePublished": "2025-06-09T06:13:56.342Z", "dateUpdated": "2025-06-09T13:23:23.962Z"}, "containers": {"cna": {"title": "Rhcl: sharedsecretref can be used to leak secrets severity", "metrics": [{"other": {"content": {"value": "Moderate", "namespace": "https://access.redhat.com/security/updates/classification/"}, "type": "Red Hat severity rating"}}, {"cvssV3_1": {"attackComplexity": "LOW", "attackVector": "ADJACENT_NETWORK", "availabilityImpact": "LOW", "baseScore": 5.7, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "LOW", "privilegesRequired": "HIGH", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:A/AC:L/PR:H/UI:N/S:U/C:H/I:L/A:L", "version": "3.1"}, "format": "CVSS"}], "descriptions": [{"lang": "en", "value": "The AuthPolicy metadata on Red Hat Connectivity Link contains an object which stores secretes, however it assumes those secretes are already in the kuadrant-system instead of copying it to the referred namespace. This creates space for a malicious actor with a developer persona access to leak those secrets over HTTP connection, as long the attacker knows the name of the targeted secrets and those secrets are limited to one line only."}], "affected": [{"versions": [{"status": "affected", "version": "1.0.1", "versionType": "semver"}], "packageName": "rhcl-operator-container", "collectionURL": "https://www.redhat.com/pt-br/technologies/cloud-computing/connectivity-link", "defaultStatus": "unknown"}, {"vendor": "Red Hat", "product": "Red Hat Connectivity Link 1", "collectionURL": "https://catalog.redhat.com/software/containers/", "packageName": "rhcl-operator-container", "defaultStatus": "affected", "cpes": ["cpe:/a:redhat:connectivity_link:1"]}], "references": [{"url": "https://access.redhat.com/security/cve/CVE-2025-25209", "tags": ["vdb-entry", "x_refsource_REDHAT"]}, {"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2347438", "name": "RHBZ#2347438", "tags": ["issue-tracking", "x_refsource_REDHAT"]}], "datePublic": "2025-02-24T00:00:00.000Z", "problemTypes": [{"descriptions": [{"cweId": "CWE-200", "description": "Exposure of Sensitive Information to an Unauthorized Actor", "lang": "en", "type": "CWE"}]}], "x_redhatCweChain": "CWE-200: Exposure of Sensitive Information to an Unauthorized Actor", "workarounds": [{"lang": "en", "value": "There's no known mitigation for this issue."}], "timeline": [{"lang": "en", "time": "2025-02-24T23:40:29.388000+00:00", "value": "Reported to Red Hat."}, {"lang": "en", "time": "2025-02-24T00:00:00+00:00", "value": "Made public."}], "providerMetadata": {"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "shortName": "redhat", "dateUpdated": "2025-06-09T06:13:56.342Z"}}, "adp": [{"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2025-06-09T13:23:18.884257Z", "id": "CVE-2025-25209", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-06-09T13:23:23.962Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2025-25209", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2025-06-09T13:23:18.884257Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-06-09T13:23:21.446Z"}}], "cna": {"title": "Rhcl: sharedsecretref can be used to leak secrets severity", "metrics": [{"other": {"type": "Red Hat severity rating", "content": {"value": "Moderate", "namespace": "https://access.redhat.com/security/updates/classification/"}}}, {"format": "CVSS", "cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 5.7, "attackVector": "ADJACENT_NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:A/AC:L/PR:H/UI:N/S:U/C:H/I:L/A:L", "integrityImpact": "LOW", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "LOW", "privilegesRequired": "HIGH", "confidentialityImpact": "HIGH"}}], "affected": [{"versions": [{"status": "affected", "version": "1.0.1", "versionType": "semver"}], "packageName": "rhcl-operator-container", "collectionURL": "https://www.redhat.com/pt-br/technologies/cloud-computing/connectivity-link", "defaultStatus": "unknown"}, {"cpes": ["cpe:/a:redhat:connectivity_link:1"], "vendor": "Red Hat", "product": "Red Hat Connectivity Link 1", "packageName": "rhcl-operator-container", "collectionURL": "https://catalog.redhat.com/software/containers/", "defaultStatus": "affected"}], "timeline": [{"lang": "en", "time": "2025-02-24T23:40:29.388000+00:00", "value": "Reported to Red Hat."}, {"lang": "en", "time": "2025-02-24T00:00:00+00:00", "value": "Made public."}], "datePublic": "2025-02-24T00:00:00.000Z", "references": [{"url": "https://access.redhat.com/security/cve/CVE-2025-25209", "tags": ["vdb-entry", "x_refsource_REDHAT"]}, {"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2347438", "name": "RHBZ#2347438", "tags": ["issue-tracking", "x_refsource_REDHAT"]}], "workarounds": [{"lang": "en", "value": "There's no known mitigation for this issue."}], "descriptions": [{"lang": "en", "value": "The AuthPolicy metadata on Red Hat Connectivity Link contains an object which stores secretes, however it assumes those secretes are already in the kuadrant-system instead of copying it to the referred namespace. This creates space for a malicious actor with a developer persona access to leak those secrets over HTTP connection, as long the attacker knows the name of the targeted secrets and those secrets are limited to one line only."}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-200", "description": "Exposure of Sensitive Information to an Unauthorized Actor"}]}], "providerMetadata": {"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "shortName": "redhat", "dateUpdated": "2025-06-09T06:13:56.342Z"}, "x_redhatCweChain": "CWE-200: Exposure of Sensitive Information to an Unauthorized Actor"}}, "cveMetadata": {"cveId": "CVE-2025-25209", "state": "PUBLISHED", "dateUpdated": "2025-06-09T13:23:23.962Z", "dateReserved": "2025-02-03T20:02:01.750Z", "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "datePublished": "2025-06-09T06:13:56.342Z", "assignerShortName": "redhat"}, "dataVersion": "5.1"}

{"cveTags": [], "descriptions": [{"lang": "en", "value": "The AuthPolicy metadata on Red Hat Connectivity Link contains an object which stores secretes, however it assumes those secretes are already in the kuadrant-system instead of copying it to the referred namespace. This creates space for a malicious actor with a developer persona access to leak those secrets over HTTP connection, as long the attacker knows the name of the targeted secrets and those secrets are limited to one line only."}], "id": "CVE-2025-25209", "lastModified": "2025-06-09T12:15:47.880", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "ADJACENT_NETWORK", "availabilityImpact": "LOW", "baseScore": 5.7, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "LOW", "privilegesRequired": "HIGH", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:A/AC:L/PR:H/UI:N/S:U/C:H/I:L/A:L", "version": "3.1"}, "exploitabilityScore": 0.9, "impactScore": 4.7, "source": "secalert@redhat.com", "type": "Primary"}]}, "published": "2025-06-09T06:15:24.853", "references": [{"source": "secalert@redhat.com", "url": "https://access.redhat.com/security/cve/CVE-2025-25209"}, {"source": "secalert@redhat.com", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2347438"}], "sourceIdentifier": "secalert@redhat.com", "vulnStatus": "Awaiting Analysis", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-200"}], "source": "secalert@redhat.com", "type": "Primary"}]}

{"bugzilla": {"description": "RHCL: sharedSecretRef Can Be Used To Leak Secrets Severity", "id": "2347438", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2347438"}, "csaw": false, "cvss3": {"cvss3_base_score": "5.7", "cvss3_scoring_vector": "CVSS:3.1/AV:A/AC:L/PR:H/UI:N/S:U/C:H/I:L/A:L", "status": "draft"}, "cwe": "CWE-200", "details": ["The AuthPolicy metadata on Red Hat Connectivity Link contains an object which stores secretes, however it assumes those secretes are already in the kuadrant-system instead of copying it to the referred namespace. This creates space for a malicious actor with a developer persona access to leak those secrets over HTTP connection, as long the attacker knows the name of the targeted secrets and those secrets are limited to one line only.", "The AuthPolicy metadata on Red Hat Connectivity Link contains an object which stores secretes, however it assumes those secretes are already in the kuadrant-system instead of copying it to the referred namespace. This creates space for a malicious actor with a developer persona access to leak those secrets over HTTP connection, as long the attacker knows the name of the targeted secrets and those secrets are limited to one line only."], "mitigation": {"lang": "en:us", "value": "There's no known mitigation for this issue."}, "name": "CVE-2025-25209", "package_state": [{"cpe": "cpe:/a:redhat:connectivity_link:1", "fix_state": "Fix deferred", "package_name": "rhcl-operator-container", "product_name": "Red Hat Connectivity Link 1"}], "public_date": "2025-02-24T00:00:00Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2025-25209\nhttps://nvd.nist.gov/vuln/detail/CVE-2025-25209"], "statement": "Red Hat Product Security has rated this vulnerability as with Moderate severity. Although the secrets can be leaked by default there's no highly sensitive secrets in this specific namespace, limiting the possible impact from a successful attack.", "threat_severity": "Moderate"}