9.9

CVE-2025-10725

A flaw was found in Red Hat Openshift AI Service. A low-privileged attacker with access to an authenticated account, for example as a data scientist using a standard Jupyter notebook, can escalate their privileges to a full cluster administrator. This allows for the complete compromise of the cluster's confidentiality, integrity, and availability. The attacker can steal sensitive data, disrupt all services, and take control of the underlying infrastructure, leading to a total breach of the platform and all applications hosted on it.

Verknüpft mit AI von unstrukturierten Daten zu bestehenden CPE der NVD
This information is available to logged-in users.
Daten sind bereitgestellt durch das CVE Programm von einer CVE Numbering Authority (CNA) (Unstrukturiert).
VendorRed Hat
Product Red Hat OpenShift AI 2.16
Default Statusaffected
Version < *
Version sha256:cebc8815e03b772343b15d0a7dce8fad6fcc71dd437d871db5a3691472350803
Status unaffected
VendorRed Hat
Product Red Hat OpenShift AI 2.19
Default Statusaffected
Version < *
Version sha256:43a8904396e55074ffb1afcfcd8fe6db0edcbc918a8ff8301b6b0920aea7eabf
Status unaffected
VendorRed Hat
Product Red Hat OpenShift AI 2.21
Default Statusaffected
Version < *
Version sha256:66e2c3916ae1cdb08edab90f0868965b26991ce43fb120db7f2d05311d90c9c8
Status unaffected
VendorRed Hat
Product Red Hat OpenShift AI 2.22
Default Statusaffected
Version < *
Version sha256:57b12c6c6ed0a9f6af1388df3b8f60bbd82d3e4add1928b9578fa91ff24f570c
Status unaffected
Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.
EPSS Metriken
Type Source Score Percentile
EPSS FIRST.org 0.07% 0.207
CVSS Metriken
Source Base Score Exploit Score Impact Score Vector string
secalert@redhat.com 9.9 3.1 6
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H
CWE-266 Incorrect Privilege Assignment

A product incorrectly assigns a privilege to a particular actor, creating an unintended sphere of control for that actor.