CVE-2020-25688

EPSS 0.03% · P9 Updated Feb 24, 2026

Get alerts for future matching vulnerabilitiesLog in to subscribe

I. Basic Information for CVE-2020-25688

Vulnerability Information

Have questions about the vulnerability? See if Shenlong's analysis helps!

Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.

Vulnerability Title

N/A

Source: NVD (National Vulnerability Database)

Vulnerability Description

A flaw was found in rhacm versions before 2.0.5 and before 2.1.0. Two internal service APIs were incorrectly provisioned using a test certificate from the source repository. This would result in all installations using the same certificates. If an attacker could observe network traffic internal to a cluster, they could use the private key to decode API requests that should be protected by TLS sessions, potentially obtaining information they would not otherwise be able to. These certificates are not used for service authentication, so no opportunity for impersonation or active MITM attacks were made possible.

Source: NVD (National Vulnerability Database)

CVSS Information

N/A

Source: NVD (National Vulnerability Database)

Vulnerability Type

使用硬编码的密码学密钥

Source: NVD (National Vulnerability Database)

Vulnerability Title

Red Hat Advanced Cluster Management 信任管理问题漏洞

Source: CNNVD (China National Vulnerability Database)

Vulnerability Description

Red Hat Advanced Cluster Management是美国红帽（Red Hat）公司的一个控制台集群控制软件。 Red Hat Advanced Cluster Management for Kubernetes 2中的rhacm2/mcm-topology-api-rhel8和Red Hat Advanced Cluster Management for Kubernetes 2中的rhacm2/grc-ui-api-rhel8 存在安全漏洞，目前尚无此漏洞的相关信息，请随时关注CNN

Source: CNNVD (China National Vulnerability Database)

CVSS Information

N/A

Source: CNNVD (China National Vulnerability Database)

Vulnerability Type

N/A

Source: CNNVD (China National Vulnerability Database)

Affected Products

Vendor	Product	Affected Versions	CPE	Subscribe
-	rhacm	All rhacm versions before 2.0.5 and before 2.1.0	-

II. Public POCs for CVE-2020-25688

#	POC Description	Source Link	Shenlong Link

AI-Generated POCPremium

No public POC found.

III. Intelligence Information for CVE-2020-25688

请登录查看更多情报信息。

Same Patch Batch · n/a · 2020-11-23 · 32 CVEs total

CVE-2020-7777	7.2 HIGH	Arbitrary Code Execution
CVE-2020-28864		Winscp 缓冲区错误漏洞
CVE-2020-0569		Intel PROSet/Wireless WiFi Software 缓冲区错误漏洞
CVE-2020-28053		Hashicorp HashiCorp Consul 安全漏洞
CVE-2020-27985		Security Onion Solutions Security Onion 安全漏洞
CVE-2020-28421		Broadcom CA Unified Infrastructure Management 安全漏洞
CVE-2019-14553		EDK2 授权问题漏洞
CVE-2019-14559		EDK2 资源管理错误漏洞
CVE-2019-14562		EDK2 输入验证错误漏洞
CVE-2019-14563		EDK2 输入验证错误漏洞
CVE-2019-14575		EDK2 安全漏洞
CVE-2019-14586		EDK2 资源管理错误漏洞
CVE-2019-14587		EDK2 安全漏洞
CVE-2020-12351		Linux kernel 输入验证错误漏洞
CVE-2020-12352		Linux kernel 信息泄露漏洞
CVE-2020-6939		Tableau Software Server 授权问题漏洞
CVE-2020-28984		SPIP 安全漏洞
CVE-2020-28896		Mutt和NeoMutt 安全漏洞
CVE-2020-28927		Magicpin 跨站脚本漏洞
CVE-2020-15436		Linux kernel 资源管理错误漏洞

Showing top 20 of 32 CVEs. View all on vendor page → →

IV. Related Vulnerabilities

Same product: rhacm

Same vendor: n/a

Same weakness: CWE-321

V. Comments for CVE-2020-25688

No comments yet

Goal Reached Thanks to every supporter — we hit 100%!

CVE-2020-25688

I. Basic Information for CVE-2020-25688

Vulnerability Information

Vulnerability Title

Vulnerability Description

CVSS Information

Vulnerability Type

Vulnerability Title

Vulnerability Description

CVSS Information

Vulnerability Type

Affected Products

II. Public POCs for CVE-2020-25688

III. Intelligence Information for CVE-2020-25688

Same Patch Batch · n/a · 2020-11-23 · 32 CVEs total

IV. Related Vulnerabilities

V. Comments for CVE-2020-25688

Leave a comment