Privilege Escalation via Authenticated Jupyter in RedHat OpenShift AI
CVE-2025-10725 Published on September 30, 2025
Openshift-ai: overly permissive clusterrole allows authenticated users to escalate privileges to cluster admin
A flaw was found in Red Hat Openshift AI Service. A low-privileged attacker with access to an authenticated account, for example as a data scientist using a standard Jupyter notebook, can escalate their privileges to a full cluster administrator. This allows for the complete compromise of the cluster's confidentiality, integrity, and availability. The attacker can steal sensitive data, disrupt all services, and take control of the underlying infrastructure, leading to a total breach of the platform and all applications hosted on it.
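An added audit example, not code from Red Hat or from this page: fed the output of `kubectl get clusterroles,clusterrolebindings -o json`, it flags ClusterRoleBindings that hand a ClusterRole with wildcard or RBAC-escalating rules to groups every authenticated user belongs to, which is the misconfiguration class this CVE describes. The sample objects and role names are constructed; the page does not name the affected role.

```python
import json
# Constructed sample (not real cluster output): mimics
# `kubectl get clusterroles,clusterrolebindings -o json`.
SAMPLE = json.loads("""{"items": [
 {"kind": "ClusterRole", "metadata": {"name": "example-broad-role"},
  "rules": [{"apiGroups": ["rbac.authorization.k8s.io"],
             "resources": ["rolebindings"], "verbs": ["create", "bind"]}]},
 {"kind": "ClusterRole", "metadata": {"name": "example-view-pods"},
  "rules": [{"apiGroups": [""], "resources": ["pods"], "verbs": ["get", "list"]}]},
 {"kind": "ClusterRoleBinding", "metadata": {"name": "example-broad-binding"},
  "roleRef": {"kind": "ClusterRole", "name": "example-broad-role"},
  "subjects": [{"kind": "Group", "name": "system:authenticated"}]},
 {"kind": "ClusterRoleBinding", "metadata": {"name": "example-view-binding"},
  "roleRef": {"kind": "ClusterRole", "name": "example-view-pods"},
  "subjects": [{"kind": "Group", "name": "system:authenticated"}]},
 {"kind": "ClusterRoleBinding", "metadata": {"name": "example-admins"},
  "roleRef": {"kind": "ClusterRole", "name": "example-broad-role"},
  "subjects": [{"kind": "Group", "name": "platform-admins"}]}
]}""")

# Rights that let a subject grow its own privileges: wildcards, RBAC
# escalation verbs, or write access to (Cluster)Role(Binding) objects.
ESCALATION_VERBS = {"*", "escalate", "bind", "impersonate"}
RBAC_RESOURCES = {"*", "roles", "rolebindings", "clusterroles", "clusterrolebindings"}
WRITE_VERBS = {"*", "create", "update", "patch"}
# Groups that every authenticated (or any) caller is a member of.
BROAD_GROUPS = {"system:authenticated", "system:authenticated:oauth", "system:unauthenticated"}

def rule_is_risky(rule):
    verbs, resources = set(rule.get("verbs", [])), set(rule.get("resources", []))
    return bool(verbs & ESCALATION_VERBS) or bool(resources & RBAC_RESOURCES and verbs & WRITE_VERBS)

def find_broad_bindings(doc):
    """Return (binding, role, group) for each ClusterRoleBinding that grants a
    risky ClusterRole to a broad group: the misconfiguration class behind this CVE."""
    items = doc["items"]
    roles = {i["metadata"]["name"]: i for i in items if i["kind"] == "ClusterRole"}
    findings = []
    for b in (i for i in items if i["kind"] == "ClusterRoleBinding"):
        role = roles.get(b["roleRef"]["name"]) if b["roleRef"]["kind"] == "ClusterRole" else None
        if role is None or not any(rule_is_risky(r) for r in role.get("rules", [])):
            continue
        for s in b.get("subjects", []):
            if s.get("kind") == "Group" and s.get("name") in BROAD_GROUPS:
                findings.append((b["metadata"]["name"], role["metadata"]["name"], s["name"]))
    return findings

if __name__ == "__main__":
    for binding, role, group in find_broad_bindings(SAMPLE):
        print(f"RISK: ClusterRoleBinding {binding} grants {role} to {group}")
```

On a live cluster, pipe the kubectl JSON into `find_broad_bindings` instead of `SAMPLE`; the benign read-only binding and the binding to a specific admin group are intentionally not reported.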
Vulnerability Analysis
CVE-2025-10725 can be exploited with network access and requires only a small amount of user privileges. This vulnerability is considered to have a low attack complexity. The potential impact of an exploit of this vulnerability is considered critical, as it has a high impact on the confidentiality, integrity and availability of this component.
Timeline
Reported to Red Hat.
Made public 10 days later.
Weakness Type
Incorrect Privilege Assignment
A product incorrectly assigns a privilege to a particular actor, creating an unintended sphere of control for that actor.
Products Associated with CVE-2025-10725
Affected Versions
opendatahub-io opendatahub-operator:
- Before 3.0.0 is affected.
- Version sha256:cebc8815e03b772343b15d0a7dce8fad6fcc71dd437d871db5a3691472350803 and below is unaffected.
- Version sha256:43a8904396e55074ffb1afcfcd8fe6db0edcbc918a8ff8301b6b0920aea7eabf and below is unaffected.
- Version sha256:db339d2d4f86af4efa695ef193d19e26b25fec80017fa2780833a4cd944e383b and below is unaffected.
- Version sha256:dccc7c6cf920da7ffeadbad42f5727f2d58d54ceef399ac98441345d06ff10c4 and below is unaffected.
- Version sha256:12c1d1066e75951aad1d333bcbc1675ba7a795b57744294c23decec1655709c7 and below is unaffected.
Exploit Probability
EPSS (Exploit Prediction Scoring System) scores estimate the probability that a vulnerability will be exploited in the wild within the next 30 days. The percentile shows you how this score compares to all other vulnerabilities.