
A serious security flaw has been disclosed in the Red Hat OpenShift AI service that, under certain conditions, allows attackers to escalate their privileges and take control of the full infrastructure.
OpenShift AI is a platform for managing the lifecycle of predictive and generative artificial intelligence (GenAI) models at scale across hybrid cloud environments. It also facilitates data collection and preparation, model training and fine-tuning, model serving and monitoring, and hardware acceleration.
The vulnerability, tracked as CVE-2025-10725, carries a CVSS score of 9.9 out of 10.0. Red Hat classifies it as “Important” rather than “Critical” in severity because a remote attacker needs to be authenticated to compromise the environment.
“For example, a low-privileged attacker with access to an authenticated account, such as a data scientist using a standard Jupyter notebook, could escalate privileges to full cluster administrator,” Red Hat said in an advisory earlier this week.

“This allows for a complete compromise of the cluster's confidentiality, integrity and availability. Attackers can steal sensitive data, destroy all services, and take control of the underlying infrastructure, leading to a complete breach of the platform and all hosted applications.”
The following versions are affected by the flaw:
- Red Hat OpenShift AI 2.19
- Red Hat OpenShift AI 2.21
- Red Hat OpenShift AI (RHOAI)
As a mitigation, Red Hat recommends that users avoid granting broad permissions to system-level groups, and avoid “the ClusterRoleBinding that associates the kueue-batch-user-role with the system:authenticated group.”
“Permission to create jobs should be granted to specific users or groups on a more granular, as-needed basis, adhering to the principle of least privilege,” it added.
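One way to check a cluster against this mitigation is shown below as an added example; it is not code from Red Hat or from the advisory. It reads the output of `kubectl get clusterrolebindings -o json` (or the `oc` equivalent) and lists every ClusterRoleBinding whose subjects include a cluster-wide system group, marking the ones that reference the role named in the advisory. The binding names in the sample data are constructed.

```python
import json
import sys

# Built-in Kubernetes groups that cover every caller or every logged-in caller.
BROAD_GROUPS = {"system:authenticated", "system:unauthenticated"}
# ClusterRole named in the mitigation text quoted above.
ROLE_OF_INTEREST = "kueue-batch-user-role"


def find_broad_bindings(crb_list):
    """Return one finding per (binding, broad group) pair, advisory matches first."""
    findings = []
    for item in crb_list.get("items", []):
        role = item.get("roleRef", {}).get("name", "")
        # "subjects" may be missing or null on a binding with no subjects.
        for subj in item.get("subjects") or []:
            if subj.get("kind") == "Group" and subj.get("name") in BROAD_GROUPS:
                findings.append({
                    "binding": item["metadata"]["name"],
                    "role": role,
                    "group": subj["name"],
                    "advisory_match": role == ROLE_OF_INTEREST,
                })
    return sorted(findings, key=lambda f: (not f["advisory_match"], f["binding"]))


# Constructed sample shaped like `kubectl get clusterrolebindings -o json` output.
# The "example-*" binding names and the "ml-team-a" group are hypothetical.
SAMPLE = {"items": [
    {"metadata": {"name": "example-kueue-binding"},
     "roleRef": {"kind": "ClusterRole", "name": "kueue-batch-user-role"},
     "subjects": [{"kind": "Group", "name": "system:authenticated"}]},
    # Stock Kubernetes binding: listed for review, but not an advisory match.
    {"metadata": {"name": "system:basic-user"},
     "roleRef": {"kind": "ClusterRole", "name": "system:basic-user"},
     "subjects": [{"kind": "Group", "name": "system:authenticated"}]},
    # Scoped to a specific group, as the mitigation recommends: not reported.
    {"metadata": {"name": "example-team-binding"},
     "roleRef": {"kind": "ClusterRole", "name": "kueue-batch-user-role"},
     "subjects": [{"kind": "Group", "name": "ml-team-a"}]},
]}

if __name__ == "__main__":
    # Pipe real cluster output on stdin; with a terminal attached, use the sample.
    data = SAMPLE if sys.stdin.isatty() else json.load(sys.stdin)
    for f in find_broad_bindings(data):
        flag = "ADVISORY MATCH" if f["advisory_match"] else "review"
        print(f"[{flag}] {f['binding']}: {f['role']} -> {f['group']}")
```

Stock Kubernetes bindings to `system:authenticated` will also appear in the output; those entries call for review of the role's permissions, not automatic removal.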