CVE-2025-10725

CVE-2025-10725 PUBLISHED CVSS 9.9 CRITICAL

A flaw was found in Red Hat OpenShift AI Service. A low-privileged attacker with access to an authenticated account, for example as a data scientist using a standard Jupyter notebook, can escalate their privileges to a full cluster administrator. This allows for the complete compromise of the cluster's confidentiality, integrity, and availability. The attacker can steal sensitive data, disrupt all services, and take control of the underlying infrastructure, leading to a total breach of the platform and all applications hosted on it.

EPSS 0.16% · 36.9th percentile

Risk Scores

CVSS v3.1: 9.9
Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H
EPSS Score: 0.16% (36.9th percentile)

Affected Products

Vendor | Product | Versions
Red Hat | Red Hat OpenShift AI 2.24 | *
Red Hat | Red Hat OpenShift AI 2.19 | sha256:43a8904396e55074ffb1afcfcd8fe6db0edcbc918a8ff8301b6b0920aea7eabf
opendatahub-io | opendatahub-operator | 0
Red Hat | Red Hat OpenShift AI 2.16 | sha256:cebc8815e03b772343b15d0a7dce8fad6fcc71dd437d871db5a3691472350803
Red Hat | Red Hat OpenShift AI 2.22 | sha256:dccc7c6cf920da7ffeadbad42f5727f2d58d54ceef399ac98441345d06ff10c4
Red Hat | Red Hat OpenShift AI 2.21 | sha256:db339d2d4f86af4efa695ef193d19e26b25fec80017fa2780833a4cd944e383b

Timeline

  • Sep 19, 2025 CVE ID Reserved
  • Sep 30, 2025 CVE Published
  • Oct 1, 2025 EPSS Score
  • Oct 1, 2025 PoC Published