Red Hat AI Security Flaw Exposes Entire Hybrid Cloud

 A serious security vulnerability has been revealed in the Red Hat OpenShift AI service. Under specific circumstances, this flaw could let attackers elevate their privileges and gain control of the entire infrastructure. 

OpenShift AI serves as a comprehensive platform. It manages the lifecycle of predictive and generative artificial intelligence (GenAI) models at scale across hybrid cloud environments. Furthermore, it supports data acquisition and preparation, model training and fine-tuning, model serving and monitoring, and hardware acceleration. 

The vulnerability, identified as CVE-2025-10725, has a CVSS score of 9.9 out of a maximum of 10.0. Red Hat classified its severity as "Important" rather than "Critical" because a remote attacker must be authenticated to compromise the environment. 

"A low-privileged attacker with access to an authenticated account, for instance, a data scientist utilizing a standard Jupyter notebook, can escalate their privileges to a full cluster administrator," Red Hat stated in an advisory earlier this week. "This allows for the complete compromise of the cluster's confidentiality, integrity, and availability. The attacker can steal sensitive data, disrupt all services, and seize control of the underlying infrastructure, resulting in a total breach of the platform and all hosted applications." 

The following versions are impacted by this flaw: 

  • Red Hat OpenShift AI 2.19 
  • Red Hat OpenShift AI 2.21 
  • Red Hat OpenShift AI (RHOAI) 

For mitigation, Red Hat suggests users refrain from granting broad permissions to system-level groups and avoid the ClusterRoleBinding that links the kueue-batch-user-role with the system:authenticated group. 
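One way to audit a cluster for the binding described above, as an added example that is not from Red Hat's advisory or this article: it parses the JSON printed by `kubectl get clusterrolebindings -o json` and goes slightly beyond the single binding by reporting every ClusterRoleBinding whose subject is a catch-all system group. The binding names and the `team-a-data-scientists` group in the sample are constructed for illustration, and checking `system:unauthenticated` as well is an assumption of this example.

```python
import json

# Groups that cover every logged-in (or anonymous) user of the cluster.
BROAD_GROUPS = {"system:authenticated", "system:unauthenticated"}
# ClusterRole named in the mitigation guidance for CVE-2025-10725.
FLAGGED_ROLE = "kueue-batch-user-role"


def audit_bindings(binding_list):
    """Return findings for ClusterRoleBindings that grant a role to a broad group.

    binding_list is the parsed output of `kubectl get clusterrolebindings -o json`.
    """
    findings = []
    for item in binding_list.get("items", []):
        role = item.get("roleRef", {}).get("name", "")
        # `subjects` can be missing or null on a binding with no subjects.
        for subject in item.get("subjects") or []:
            if subject.get("kind") == "Group" and subject.get("name") in BROAD_GROUPS:
                findings.append({
                    "binding": item.get("metadata", {}).get("name", ""),
                    "role": role,
                    "group": subject["name"],
                    # True only for the exact pairing the mitigation warns about.
                    "matches_advisory": role == FLAGGED_ROLE
                    and subject["name"] == "system:authenticated",
                })
    return findings


# Constructed sample input; binding and team names are made up.
SAMPLE = json.loads("""
{"items": [
  {"metadata": {"name": "example-kueue-batch-user-binding"},
   "roleRef": {"kind": "ClusterRole", "name": "kueue-batch-user-role"},
   "subjects": [{"kind": "Group", "name": "system:authenticated"}]},
  {"metadata": {"name": "example-team-a-batch"},
   "roleRef": {"kind": "ClusterRole", "name": "kueue-batch-user-role"},
   "subjects": [{"kind": "Group", "name": "team-a-data-scientists"}]},
  {"metadata": {"name": "example-empty"},
   "roleRef": {"kind": "ClusterRole", "name": "view"},
   "subjects": null}
]}
""")

if __name__ == "__main__":
    for f in audit_bindings(SAMPLE):
        tag = "ADVISORY MATCH" if f["matches_advisory"] else "broad grant"
        print(f"[{tag}] {f['binding']}: {f['role']} -> {f['group']}")
```

On a real cluster the broader check also lists default bindings that intentionally target `system:authenticated`; the `matches_advisory` flag separates the pairing named in the mitigation from those.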

"The permission to create jobs should be granted on a more granular, as-needed basis to specific users or groups, adhering to the principle of least privilege," the company advised. 
