9.9

CVE-2025-10725

EPSS 0.16%
Veröffentlicht 30.09.2025 18:15:47
Zuletzt bearbeitet 15.04.2026 00:35:42
Quelle secalert@redhat.com
CVE-Watchlists
Login
Unerledigt
Login

Openshift-ai: overly permissive clusterrole allows authenticated users to escalate privileges to cluster admin

A flaw was found in Red Hat Openshift AI Service. A low-privileged attacker with access to an authenticated account, for example as a data scientist using a standard Jupyter notebook, can escalate their privileges to a full cluster administrator. This allows for the complete compromise of the cluster's confidentiality, integrity, and availability. The attacker can steal sensitive data, disrupt all services, and take control of the underlying infrastructure, leading to a total breach of the platform and all applications hosted on it.

Betroffene Produkte Warnungen 0 Metriken 2 CWE 1 Referenzen 12

CNA 6 VulnDex Vulnerability Enrichment 1

Daten sind bereitgestellt durch das CVE Programm von einer CVE Numbering Authority (CNA) (Unstrukturiert).

Herstelleropendatahub-io

≫

Produkt opendatahub-operator

Default Statusunaffected

Version 0

Version < 3.0.0

Status affected

HerstellerRed Hat

≫

Produkt Red Hat OpenShift AI 2.16

Default Statusaffected

Version sha256:cebc8815e03b772343b15d0a7dce8fad6fcc71dd437d871db5a3691472350803

Version < *

Status unaffected

HerstellerRed Hat

≫

Produkt Red Hat OpenShift AI 2.19

Default Statusaffected

Version sha256:43a8904396e55074ffb1afcfcd8fe6db0edcbc918a8ff8301b6b0920aea7eabf

Version < *

Status unaffected

HerstellerRed Hat

≫

Produkt Red Hat OpenShift AI 2.21

Default Statusaffected

Version sha256:db339d2d4f86af4efa695ef193d19e26b25fec80017fa2780833a4cd944e383b

Version < *

Status unaffected

HerstellerRed Hat

≫

Produkt Red Hat OpenShift AI 2.22

Default Statusaffected

Version sha256:dccc7c6cf920da7ffeadbad42f5727f2d58d54ceef399ac98441345d06ff10c4

Version < *

Status unaffected

HerstellerRed Hat

≫

Produkt Red Hat OpenShift AI 2.24

Default Statusaffected

Version sha256:12c1d1066e75951aad1d333bcbc1675ba7a795b57744294c23decec1655709c7

Version < *

Status unaffected

VulnDex Vulnerability Enrichment

Diese Information steht angemeldeten Benutzern zur Verfügung.

Zu dieser CVE wurde keine Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.16%	0.367

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
secalert@redhat.com	9.9	3.1	6	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H

CWE-266 Incorrect Privilege Assignment

A product incorrectly assigns a privilege to a particular actor, creating an unintended sphere of control for that actor.

https://access.redhat.com/security/cve/CVE-2025-10725

https://bugzilla.redhat.com/show_bug.cgi?id=2396641

https://access.redhat.com/errata/RHSA-2025:16981

https://access.redhat.com/errata/RHSA-2025:16982

https://access.redhat.com/errata/RHSA-2025:16984

https://access.redhat.com/errata/RHSA-2025:16983

https://access.redhat.com/errata/RHSA-2025:17501

https://github.com/opendatahub-io/opendatahub-operator/commit/070057ebd0882be0e397bee1daa18c36374a03c0

https://github.com/opendatahub-io/opendatahub-operator/pull/2571

https://nvd.nist.gov/vuln/detail/CVE-2025-10725

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2025-10725

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2025-10725

EUVD