Home > Vulnerability Database > CVE-2025-2241

Mend.io Vulnerability Database

CVE-2025-2241

Date: March 17, 2025

A flaw was found in Hive, a component of Multicluster Engine (MCE) and Advanced Cluster Management (ACM). This vulnerability causes VCenter credentials to be exposed in the ClusterProvision object after provisioning a VSphere cluster. Users with read access to ClusterProvision objects can extract sensitive credentials even if they do not have direct access to Kubernetes Secrets. This issue can lead to unauthorized VCenter access, cluster management, and privilege escalation.

Severity Score

8.2

Related Resources (6)

Url: https://github.com/openshift/hive

Url: https://nvd.nist.gov/vuln/detail/CVE-2025-2241

Url: https://bugzilla.redhat.com/show_bug.cgi?id=2351350

Url: https://github.com/advisories/GHSA-c339-mwfc-fmr2

Url: https://access.redhat.com/security/cve/CVE-2025-2241

Url: https://www.mend.io/vulnerability-database/CVE-2025-2241

Severity Score

8.2

Weakness Type (CWE)

Insecure Storage of Sensitive Information

CWE-922

CVSS v3.1

Base Score:	8.2
Attack Vector (AV):	NETWORK
Attack Complexity (AC):	HIGH
Privileges Required (PR):	LOW
User Interaction (UI):	NONE
Scope (S):	CHANGED
Confidentiality (C):	HIGH
Integrity (I):	HIGH
Availability (A):	NONE

Mend.io Vulnerability Database

We found results for “”

CVE-2025-2241

Date: March 17, 2025

Severity Score

Related Resources (6)

Severity Score

Weakness Type (CWE)

CVSS v3.1

Do you need more information?