9.9

CVE-2025-10725

EPSS 0.09%
Veröffentlicht 30.09.2025 18:15:47
Zuletzt bearbeitet 06.11.2025 22:15:38
Quelle secalert@redhat.com
CVE-Watchlists
Login
Unerledigt
Login

A flaw was found in Red Hat Openshift AI Service. A low-privileged attacker with access to an authenticated account, for example as a data scientist using a standard Jupyter notebook, can escalate their privileges to a full cluster administrator. This allows for the complete compromise of the cluster's confidentiality, integrity, and availability. The attacker can steal sensitive data, disrupt all services, and take control of the underlying infrastructure, leading to a total breach of the platform and all applications hosted on it.

Betroffene Produkte Warnungen 0 Metriken 2 CWE 1 Referenzen 10

Verknüpft mit AI von unstrukturierten Daten zu bestehenden CPE der NVD

Diese Information steht angemeldeten Benutzern zur Verfügung.

Daten sind bereitgestellt durch das CVE Programm von einer CVE Numbering Authority (CNA) (Unstrukturiert).

HerstellerRed Hat

≫

Produkt Red Hat OpenShift AI 2.16

Default Statusaffected

Version < *

Version sha256:cebc8815e03b772343b15d0a7dce8fad6fcc71dd437d871db5a3691472350803

Status unaffected

HerstellerRed Hat

≫

Produkt Red Hat OpenShift AI 2.19

Default Statusaffected

Version < *

Version sha256:43a8904396e55074ffb1afcfcd8fe6db0edcbc918a8ff8301b6b0920aea7eabf

Status unaffected

HerstellerRed Hat

≫

Produkt Red Hat OpenShift AI 2.21

Default Statusaffected

Version < *

Version sha256:db339d2d4f86af4efa695ef193d19e26b25fec80017fa2780833a4cd944e383b

Status unaffected

HerstellerRed Hat

≫

Produkt Red Hat OpenShift AI 2.22

Default Statusaffected

Version < *

Version sha256:57b12c6c6ed0a9f6af1388df3b8f60bbd82d3e4add1928b9578fa91ff24f570c

Status unaffected

HerstellerRed Hat

≫

Produkt Red Hat OpenShift AI 2.24

Default Statusaffected

Version < *

Version sha256:12c1d1066e75951aad1d333bcbc1675ba7a795b57744294c23decec1655709c7

Status unaffected

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.09%	0.255

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
secalert@redhat.com	9.9	3.1	6	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H

CWE-266 Incorrect Privilege Assignment

A product incorrectly assigns a privilege to a particular actor, creating an unintended sphere of control for that actor.

https://access.redhat.com/security/cve/CVE-2025-10725

https://bugzilla.redhat.com/show_bug.cgi?id=2396641

https://access.redhat.com/errata/RHSA-2025:16981

https://access.redhat.com/errata/RHSA-2025:16982

https://access.redhat.com/errata/RHSA-2025:16984

https://access.redhat.com/errata/RHSA-2025:16983

https://access.redhat.com/errata/RHSA-2025:17501

https://nvd.nist.gov/vuln/detail/CVE-2025-10725

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2025-10725

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2025-10725

EUVD