CVE-2024-25133 HIGH

CVE-2024-25133: Openshift-dedicated: hive: rce through aws/kubernetes client configuration leads to privilege escalation

Weakness CWE-284

Published December 31, 2024

Last update August 27, 2025

View on NVD All CVEs

CVSS base score

8.8/10

Attack vector Network

Attack complexity Low

Privileges required Low

User interaction None

Confidentiality High

Integrity High

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

What the vulnerability does

01Description

A flaw was found in the Hive ClusterDeployments resource in OpenShift Dedicated. In certain conditions, this issue may allow a developer account on a Hive-enabled cluster to obtain cluster-admin privileges by executing arbitrary commands on the hive/hive-controllers pod.

Key dates

02Disclosure timeline

December 31, 2024 CVE published

August 27, 2025 Record updated

External resources

03References

NVD — National Vulnerability Database https://nvd.nist.gov/vuln/detail/CVE-2024-25133 CWE — Common Weakness Enumeration https://cwe.mitre.org/data/definitions/284.html

Related vulnerabilities

CVE-2024-25133: Openshift-dedicated: hive: rce through aws/kubernetes client configuration leads to privilege escalation

01Description

02Disclosure timeline

03References

04Related CVE