CVE-2025-10725

Openshift-ai: overly permissive clusterrole allows authenticated users to escalate privileges to cluster admin

CVSS 9.9 CRITICALEPSS 0.7%CWE-266

Vexday Risk Score

28Low

SSVC decision (CISA)

Track

No exploitation signal → monitor

CVSS 9.9EPSS 0.7%KEV nãoPoC —Nuclei —Metasploit —Patch referenciado

Lifecycle

30 Sep 2025Published on NVD

Recommendation: Monitor — no exploitation signal at the moment.

A flaw was found in Red Hat Openshift AI Service. A low-privileged attacker with access to an authenticated account, for example as a data scientist using a standard Jupyter notebook, can escalate their privileges to a full cluster administrator. This allows for the complete compromise of the cluster's confidentiality, integrity, and availability. The attacker can steal sensitive data, disrupt all services, and take control of the underlying infrastructure, leading to a total breach of the platform and all applications hosted on it.

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H

Affected products

opendatahub-io · opendatahub-operator Red Hat · Red Hat OpenShift AI 2.16 Red Hat · Red Hat OpenShift AI 2.19 Red Hat · Red Hat OpenShift AI 2.21 Red Hat · Red Hat OpenShift AI 2.22 Red Hat · Red Hat OpenShift AI 2.24

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →

References

https://access.redhat.com/errata/RHSA-2025:16981 https://access.redhat.com/errata/RHSA-2025:16982 https://access.redhat.com/errata/RHSA-2025:16983 https://access.redhat.com/errata/RHSA-2025:16984 https://access.redhat.com/errata/RHSA-2025:17501 https://access.redhat.com/security/cve/CVE-2025-10725 https://bugzilla.redhat.com/show_bug.cgi?id=2396641 https://github.com/opendatahub-io/opendatahub-operator/commit/070057ebd0882be0e397bee1daa18c36374a03c0 https://github.com/opendatahub-io/opendatahub-operator/pull/2571