CVE-2025-2241
Published: 17 March 2025
Description
Adversaries may search compromised systems to find and obtain insecurely stored credentials.
Security Summary
CVE-2025-2241, published on 2025-03-17, is a vulnerability in Hive, a component of Red Hat's Multicluster Engine (MCE) and Advanced Cluster Management (ACM). The flaw exposes vCenter credentials in the ClusterProvision object after provisioning a vSphere cluster. This allows users with read access to ClusterProvision objects to extract sensitive credentials without direct access to Kubernetes Secrets. It carries a CVSS score of 8.2 (CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:N) and maps to CWE-922.
Attackers require low privileges (PR:L), specifically read access to ClusterProvision objects, and can exploit it over the network (AV:N) without user interaction (UI:N), though it demands high attack complexity (AC:H). Exploitation grants high confidentiality and integrity impacts (C:H/I:H) across a changed scope (S:C), enabling unauthorized vCenter access, cluster management, and privilege escalation.
Red Hat's security advisory at https://access.redhat.com/security/cve/CVE-2025-2241, Bugzilla entry https://bugzilla.redhat.com/show_bug.cgi?id=2351350, and the Hive fix in https://github.com/openshift/hive/pull/2612 provide details on patches and mitigation steps.
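A practical way for a cluster operator to check whether this class of leak affects their own environment is to compare the values held in the vSphere credential Secret against everything that is serialized into the ClusterProvision objects. The script below is an added example written for this record; it is not Hive or Red Hat code and does not encode Hive's real schema. The Secret and ClusterProvision objects embedded in it are constructed samples (the field `spec.installConfigFragments` is invented purely to show a nested match), and in real use you would feed it the JSON from `kubectl get clusterprovisions.hive.openshift.io -A -o json` plus the credential Secret. It walks every string field, decodes the Secret's base64 `data`, and reports a hit when a Secret value appears either raw or base64-encoded inside a provision object.

```python
"""Check exported Kubernetes objects for copies of Secret values (added example, not Hive code)."""
import base64
import json
import sys
from typing import Any, Iterator


def _b64(s: str) -> str:
    return base64.b64encode(s.encode()).decode()


# Constructed sample Secret: a hypothetical vSphere credential, base64-encoded as kubectl shows it.
SAMPLE_SECRET = {
    "apiVersion": "v1", "kind": "Secret",
    "metadata": {"name": "vsphere-creds", "namespace": "hive"},
    "data": {"username": _b64("administrator@vsphere.local"),
             "password": _b64("Constructed-Passw0rd!")},
}

# Constructed ClusterProvision objects. The field names under spec are illustrative only;
# the first object carries the password in a nested list, the second is clean.
SAMPLE_PROVISIONS = [
    {"apiVersion": "hive.openshift.io/v1", "kind": "ClusterProvision",
     "metadata": {"name": "vsphere-demo-0-abcde", "namespace": "hive"},
     "spec": {"attempt": 0, "stage": "complete",
              "installConfigFragments": ["platform: vsphere", "password: Constructed-Passw0rd!"]}},
    {"apiVersion": "hive.openshift.io/v1", "kind": "ClusterProvision",
     "metadata": {"name": "vsphere-demo-1-fghij", "namespace": "hive"},
     "spec": {"attempt": 0, "stage": "complete", "installConfigFragments": ["platform: vsphere"]}},
]


def secret_values(secret: dict) -> dict[str, str]:
    """Return {key: plaintext} for a Secret: base64 'data' is decoded, 'stringData' taken as-is."""
    out = {}
    for key, enc in (secret.get("data") or {}).items():
        out[key] = base64.b64decode(enc).decode("utf-8", errors="replace")
    out.update(secret.get("stringData") or {})
    return out


def walk_strings(obj: Any, path: str = "$") -> Iterator[tuple[str, str]]:
    """Yield (json-path, value) for every string leaf in a nested dict/list structure."""
    if isinstance(obj, dict):
        for k, v in obj.items():
            yield from walk_strings(v, f"{path}.{k}")
    elif isinstance(obj, list):
        for i, v in enumerate(obj):
            yield from walk_strings(v, f"{path}[{i}]")
    elif isinstance(obj, str):
        yield path, obj


def find_leaks(objects: list[dict], secrets: list[dict], min_len: int = 8) -> list[dict]:
    """Report each string field in `objects` containing a Secret value, raw or base64-encoded.

    min_len is a heuristic cutoff to avoid noise from very short values (e.g. a 3-char port).
    """
    needles = []
    for s in secrets:
        sname = s.get("metadata", {}).get("name", "?")
        for key, val in secret_values(s).items():
            if len(val) >= min_len:
                needles.append((sname, key, val, _b64(val)))
    hits = []
    for o in objects:
        meta = o.get("metadata", {})
        ident = f"{o.get('kind', '?')}/{meta.get('namespace', '')}/{meta.get('name', '?')}"
        for path, text in walk_strings(o):
            for sname, key, raw, enc in needles:
                if raw in text or enc in text:
                    hits.append({"object": ident, "path": path, "secret": sname, "key": key})
    return hits


def load_items(path: str) -> list[dict]:
    """Accept either a kubectl List (with 'items') or a single object from a JSON file."""
    with open(path) as fh:
        doc = json.load(fh)
    return doc.get("items", [doc]) if isinstance(doc, dict) else doc


if __name__ == "__main__":
    # Usage: python scan.py provisions.json secret.json   (falls back to the constructed samples)
    if len(sys.argv) == 3:
        provisions, secrets = load_items(sys.argv[1]), load_items(sys.argv[2])
    else:
        provisions, secrets = SAMPLE_PROVISIONS, [SAMPLE_SECRET]
    for hit in find_leaks(provisions, secrets):
        print(f"LEAK {hit['object']} at {hit['path']} (secret {hit['secret']}, key {hit['key']})")
```

Any hit means the object leaks a credential to everyone holding read access on that resource, so the follow-up is to rotate the vCenter credential, apply the Hive fix, and review which subjects can `get`/`list` ClusterProvision objects (`kubectl auth can-i list clusterprovisions.hive.openshift.io --as=<subject>` for the accounts you care about).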
Details
- CWE(s): CWE-922 (Insecure Storage of Sensitive Information)
MITRE ATT&CK Enterprise Techniques
- T1552 Unsecured Credentials
Why these techniques?
The vulnerability stores vCenter credentials insecurely in the ClusterProvision object, so anyone who can read that object can extract them without needing access to the backing Kubernetes Secret.