1. Home
  2. CVE Database
  3. CVE-2025-2241
HIGH · 8.2

CVE-2025-2241

A flaw was found in Hive, a component of Multicluster Engine (MCE) and Advanced Cluster Management (ACM). This vulnerability causes VCenter credentials to be exposed in the ClusterProvision object aft...

Vulnerability Description

A flaw was found in Hive, a component of Multicluster Engine (MCE) and Advanced Cluster Management (ACM). This vulnerability causes VCenter credentials to be exposed in the ClusterProvision object after provisioning a VSphere cluster. Users with read access to ClusterProvision objects can extract sensitive credentials even if they do not have direct access to Kubernetes Secrets. This issue can lead to unauthorized VCenter access, cluster management, and privilege escalation.

CVSS Score

8.2

HIGH

CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:N
Attack Vector
NETWORK
Attack Complexity
HIGH
Privileges Required
LOW
User Interaction
NONE
Scope
CHANGED
Confidentiality
HIGH
Integrity
HIGH
Availability
NONE

Related Weaknesses (CWE)

CWE-922

References

FAQ

What is CVE-2025-2241?

CVE-2025-2241 is a vulnerability with a CVSS score of 8.2 (HIGH). A flaw was found in Hive, a component of Multicluster Engine (MCE) and Advanced Cluster Management (ACM). This vulnerability causes VCenter credentials to be exposed in the ClusterProvision object aft...

How severe is CVE-2025-2241?

CVE-2025-2241 has been rated HIGH with a CVSS base score of 8.2/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2025-2241?

Check the references section above for vendor advisories and patch information. Review vendor security bulletins for remediation guidance.