9.9

CVE-2025-10725

EPSS 0.07%
Veröffentlicht 30.09.2025 18:15:47
Zuletzt bearbeitet 02.10.2025 19:12:17
Quelle secalert@redhat.com
Teams Watchlist Login
Unerledigt Login

A flaw was found in Red Hat Openshift AI Service. A low-privileged attacker with access to an authenticated account, for example as a data scientist using a standard Jupyter notebook, can escalate their privileges to a full cluster administrator. This allows for the complete compromise of the cluster's confidentiality, integrity, and availability. The attacker can steal sensitive data, disrupt all services, and take control of the underlying infrastructure, leading to a total breach of the platform and all applications hosted on it.

Betroffene Produkte Warnungen 0 Metriken 2 CWE 1 Referenzen 9

Verknüpft mit AI von unstrukturierten Daten zu bestehenden CPE der NVD

Diese Information steht angemeldeten Benutzern zur Verfügung.

Daten sind bereitgestellt durch das CVE Programm von einer CVE Numbering Authority (CNA) (Unstrukturiert).

HerstellerRed Hat

≫

Produkt Red Hat OpenShift AI 2.16

Default Statusaffected

Version < *

Version sha256:cebc8815e03b772343b15d0a7dce8fad6fcc71dd437d871db5a3691472350803

Status unaffected

HerstellerRed Hat

≫

Produkt Red Hat OpenShift AI 2.19

Default Statusaffected

Version < *

Version sha256:43a8904396e55074ffb1afcfcd8fe6db0edcbc918a8ff8301b6b0920aea7eabf

Status unaffected

HerstellerRed Hat

≫

Produkt Red Hat OpenShift AI 2.21

Default Statusaffected

Version < *

Version sha256:66e2c3916ae1cdb08edab90f0868965b26991ce43fb120db7f2d05311d90c9c8

Status unaffected

HerstellerRed Hat

≫

Produkt Red Hat OpenShift AI 2.22

Default Statusaffected

Version < *

Version sha256:57b12c6c6ed0a9f6af1388df3b8f60bbd82d3e4add1928b9578fa91ff24f570c

Status unaffected

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.07%	0.207

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
secalert@redhat.com	9.9	3.1	6	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H

CWE-266 Incorrect Privilege Assignment

A product incorrectly assigns a privilege to a particular actor, creating an unintended sphere of control for that actor.

https://access.redhat.com/security/cve/CVE-2025-10725

https://bugzilla.redhat.com/show_bug.cgi?id=2396641

https://access.redhat.com/errata/RHSA-2025:16981

https://access.redhat.com/errata/RHSA-2025:16982

https://access.redhat.com/errata/RHSA-2025:16984

https://access.redhat.com/errata/RHSA-2025:16983

https://nvd.nist.gov/vuln/detail/CVE-2025-10725

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2025-10725

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2025-10725

EUVD