Red Hat Connectivity Link AuthPolicy Exposes Secrets via HTTP (CVE-2025-25209)
CVE-2025-25209 Published on June 9, 2025

RHCL: sharedSecretRef can be used to leak secrets
The AuthPolicy on Red Hat Connectivity Link contains an object (sharedSecretRef) that references secrets, but it assumes those secrets already exist in the kuadrant-system namespace rather than resolving them in the namespace the policy refers to. A malicious actor with developer-persona access can therefore cause those secrets to be leaked over an HTTP connection, provided the attacker knows the name of the targeted secret; the leak is limited to secrets whose value is a single line.
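The check a cluster operator would want after reading the description above: list every AuthPolicy outside the operator namespace that carries a sharedSecretRef, since, per the advisory, such a reference resolves against kuadrant-system rather than the developer's own namespace. This is an added example, not code from Red Hat or the Kuadrant project. It assumes (neither is stated on the page) that the operator namespace is kuadrant-system and that the reference appears as a mapping keyed `sharedSecretRef` somewhere under `spec`, possibly beside a `url` naming the endpoint the credential is sent to; the input is a constructed list shaped like `kubectl get authpolicies -A -o json`.

```python
"""Audit AuthPolicy objects for sharedSecretRef usage outside the operator namespace.

Added example; not Red Hat's or Kuadrant's code. Assumptions: the operator
namespace is "kuadrant-system" (where the advisory says the reference is
resolved), the reference is a mapping under the key "sharedSecretRef", and a
sibling "url" key, when present, is where the secret would be sent.
"""
from __future__ import annotations

from typing import Any, Iterator

OPERATOR_NAMESPACE = "kuadrant-system"  # assumption: namespace the ref resolves in

# Constructed sample, shaped like `kubectl get authpolicies -A -o json` .items.
# The nested layout (spec.rules.metadata.<name>.http) is an assumed schema.
SAMPLE_ITEMS: list[dict[str, Any]] = [
    {   # developer namespace, references a secret by name, sends it to an external URL
        "metadata": {"name": "leaky", "namespace": "team-a"},
        "spec": {"rules": {"metadata": {"lookup": {"http": {
            "url": "https://collector.example/hook",
            "sharedSecretRef": {"name": "api-credential", "key": "token"},
        }}}}},
    },
    {   # operator namespace: the reference resolves where the policy lives
        "metadata": {"name": "gateway-auth", "namespace": "kuadrant-system"},
        "spec": {"rules": {"metadata": {"lookup": {"http": {
            "url": "https://idp.internal/userinfo",
            "sharedSecretRef": {"name": "idp-credential", "key": "token"},
        }}}}},
    },
    {   # developer namespace, no shared secret reference at all
        "metadata": {"name": "plain", "namespace": "team-b"},
        "spec": {"rules": {"authentication": {"apikey": {"apiKey": {"selector": {}}}}}},
    },
]


def walk_refs(node: Any, path: tuple = ()) -> Iterator[tuple[tuple, dict, dict]]:
    """Yield (path, ref, parent) for every sharedSecretRef mapping under node.

    Schema-agnostic: walks dicts and lists so the check does not depend on the
    exact AuthPolicy layout.
    """
    if isinstance(node, dict):
        for key, value in node.items():
            if key == "sharedSecretRef" and isinstance(value, dict):
                yield path + (key,), value, node
            else:
                yield from walk_refs(value, path + (key,))
    elif isinstance(node, list):
        for index, value in enumerate(node):
            yield from walk_refs(value, path + (index,))


def audit(items: list[dict[str, Any]], operator_ns: str = OPERATOR_NAMESPACE) -> list[dict]:
    """Return one finding per sharedSecretRef in a policy outside operator_ns."""
    findings = []
    for obj in items:
        meta = obj.get("metadata", {})
        ns = meta.get("namespace", "")
        if ns == operator_ns:
            continue  # same namespace: the reference resolves where the policy lives
        for path, ref, parent in walk_refs(obj.get("spec", {})):
            findings.append({
                "policy": f"{ns}/{meta.get('name')}",
                "path": ".".join(str(p) for p in path),
                # the advisory's point: the name is looked up in the operator namespace
                "resolves_to": f"{operator_ns}/{ref.get('name')}",
                "key": ref.get("key"),
                "sent_to": parent.get("url"),
            })
    return findings


if __name__ == "__main__":
    for finding in audit(SAMPLE_ITEMS):
        print(finding)
```

Run it against real output by replacing `SAMPLE_ITEMS` with the `items` array from `kubectl get authpolicies -A -o json`; any finding whose `sent_to` is not an endpoint you operate is the situation the advisory describes.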


Vulnerability Analysis

Attack Vector: ADJACENT_NETWORK
Attack Complexity: LOW
Privileges Required: HIGH
User Interaction: NONE
Scope: UNCHANGED
Confidentiality Impact: HIGH
Integrity Impact: LOW
Availability Impact: LOW

Timeline

Reported to Red Hat.

Made public.

Weakness Type

What is an Information Disclosure Vulnerability?

The product exposes sensitive information to an actor that is not explicitly authorized to have access to that information.

CVE-2025-25209 has been classified as an Information Disclosure vulnerability (weakness).


Products Associated with CVE-2025-25209

Red Hat Connectivity Link

Exploit Probability

EPSS
0.04%
Percentile
11.23%

EPSS (Exploit Prediction Scoring System) scores estimate the probability that a vulnerability will be exploited in the wild within the next 30 days. The percentile shows you how this score compares to all other vulnerabilities.