CVE-2025-10725 CRITICAL

CVE-2025-10725: Openshift-ai: overly permissive clusterrole allows authenticated users to escalate privileges to cluster admin

Vendor Opendatahub-Io
Product opendatahub-operator
Weakness CWE-266
Published September 30, 2025
Last update December 24, 2025

CVSS base score

9.9/10
Attack vector Network
Attack complexity Low
Privileges required Low
User interaction None
Confidentiality High
Integrity High

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H

What the vulnerability does

01 Description

A flaw was found in Red Hat OpenShift AI Service. A low-privileged attacker with access to an authenticated account, for example as a data scientist using a standard Jupyter notebook, can escalate their privileges to those of a full cluster administrator. This allows for the complete compromise of the cluster's confidentiality, integrity, and availability. The attacker can steal sensitive data, disrupt all services, and take control of the underlying infrastructure, leading to a total breach of the platform and all applications hosted on it.

Key dates

02 Disclosure timeline

September 30, 2025 CVE published
December 24, 2025 Record updated