Red Hat OpenShift AI Privilege Escalation Vulnerability
Summary
A severe security flaw in Red Hat OpenShift AI (CVE-2025-10725) allows authenticated attackers to escalate privileges and fully compromise hybrid cloud infrastructure. The vulnerability affects versions 2.19, 2.21, and RHOAI. Attackers with low-privileged access can gain full cluster administrator privileges, leading to data theft, service disruption, and infrastructure takeover. Red Hat classifies the flaw as 'Important' due to the need for authentication, but it carries a CVSS score of 9.9. Mitigations include avoiding broad permissions and adhering to the principle of least privilege.
Timeline
- 01.10.2025 15:36 · 1 article
  Privilege Escalation Vulnerability in Red Hat OpenShift AI Disclosed
  A severe security flaw (CVE-2025-10725) in Red Hat OpenShift AI allows authenticated attackers to escalate privileges and fully compromise hybrid cloud infrastructure. The vulnerability affects versions 2.19, 2.21, and RHOAI. Attackers can steal sensitive data, disrupt services, and take control of the underlying infrastructure. Red Hat recommends avoiding broad permissions and adhering to the principle of least privilege.
  - Red Hat OpenShift AI Flaw Exposes Hybrid Cloud Infrastructure to Full Takeover — thehackernews.com — 01.10.2025 15:36
Information Snippets
- The vulnerability (CVE-2025-10725) affects Red Hat OpenShift AI versions 2.19, 2.21, and RHOAI.
  First reported: 01.10.2025 15:36 · 1 source, 1 article
  - Red Hat OpenShift AI Flaw Exposes Hybrid Cloud Infrastructure to Full Takeover — thehackernews.com — 01.10.2025 15:36
- The flaw has a CVSS score of 9.9 out of 10, indicating a critical severity.
  First reported: 01.10.2025 15:36 · 1 source, 1 article
  - Red Hat OpenShift AI Flaw Exposes Hybrid Cloud Infrastructure to Full Takeover — thehackernews.com — 01.10.2025 15:36
- Authenticated attackers can escalate privileges to full cluster administrator.
  First reported: 01.10.2025 15:36 · 1 source, 1 article
  - Red Hat OpenShift AI Flaw Exposes Hybrid Cloud Infrastructure to Full Takeover — thehackernews.com — 01.10.2025 15:36
- Successful exploitation allows attackers to steal sensitive data, disrupt services, and take control of the underlying infrastructure.
  First reported: 01.10.2025 15:36 · 1 source, 1 article
  - Red Hat OpenShift AI Flaw Exposes Hybrid Cloud Infrastructure to Full Takeover — thehackernews.com — 01.10.2025 15:36
- Red Hat recommends avoiding broad permissions and adhering to the principle of least privilege.
  First reported: 01.10.2025 15:36 · 1 source, 1 article
  - Red Hat OpenShift AI Flaw Exposes Hybrid Cloud Infrastructure to Full Takeover — thehackernews.com — 01.10.2025 15:36