5
CVE-2025-12103
- EPSS 0.03%
- Published 28.10.2025 13:31:59
- Last modified 23.04.2026 18:16:22
- Source secalert@redhat.com
Openshift-ai: trusty ai grants all authenticated users to list pods in any namespace
A flaw was found in Red Hat Openshift AI Service. The TrustyAI component is granting all service accounts and users on a cluster permissions to get, list, watch any pod in any namespace on the cluster. TrustyAI is creating a role `trustyai-service-operator-lmeval-user-role` and a CRB `trustyai-service-operator-default-lmeval-user-rolebinding` which is being applied to `system:authenticated`, making it so that every single user or service account can get a list of pods running in any namespace on the cluster. Additionally, users can access all `persistentvolumeclaims` and `lmevaljobs`.
Data is provided by the CVE Program from a CVE Numbering Authority (CNA) (unstructured).
| Vendor | Product | Default Status | Version | Version < | Status |
|---|---|---|---|---|---|
| Red Hat | Red Hat OpenShift AI 2.25 | affected | sha256:6503aa2b0c29d01b947b6fde383850d03dcb2b9f9d70cf417b9e90d5e99d1740 | * | unaffected |
| Red Hat | Red Hat OpenShift AI 3 | affected | sha256:2015d93a8f499c4b3706fb1b1323db2e455154cb20219ceef82b79894239a51b | * | unaffected |
| Red Hat | Red Hat OpenShift AI (RHOAI) | affected | | | |

VulnDex Vulnerability Enrichment

| Type | Source | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 0.03% | 0.097 |

| Source | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| secalert@redhat.com | 5 | 3.1 | 1.4 | CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:N/A:N |

CWE-266 Incorrect Privilege Assignment
A product incorrectly assigns a privilege to a particular actor, creating an unintended sphere of control for that actor.