CVE-2025-10725
📋 TL;DR
A privilege escalation vulnerability in Red Hat OpenShift AI Service allows authenticated low-privileged users (like data scientists using Jupyter notebooks) to gain full cluster administrator privileges. This affects all OpenShift AI deployments where users have authenticated access. The vulnerability enables complete cluster compromise.
💻 Affected Systems
- Red Hat OpenShift AI Service
⚠️ Manual Verification Required
This CVE does not have specific version information in our database, so automatic vulnerability detection cannot determine if your system is affected.
Why? The CVE database entry doesn't specify which versions are vulnerable (no version ranges provided by the vendor/NVD).
- Review the CVE details at NVD
- Check vendor security advisories for your specific version
- Test if the vulnerability is exploitable in your environment
- Consider updating to the latest version as a precaution
⚠️ Risk & Real-World Impact
Worst Case
Complete cluster takeover allowing data theft, service disruption, infrastructure control, and compromise of all hosted applications.
Likely Case
An authenticated low-privileged user escalates to cluster admin, accesses sensitive data, and potentially deploys malicious workloads.
If Mitigated
Limited impact if strict network segmentation and least privilege access controls prevent lateral movement.
🎯 Exploit Status
Exploitation requires authenticated access but appears straightforward based on CVSS and description.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: Check specific RHSA-2025:16981 through RHSA-2025:17501 for exact fixed versions
Vendor Advisory: https://access.redhat.com/errata/RHSA-2025:16981
Restart Required: Yes
Instructions:
1. Review all linked RHSA advisories.
2. Apply the appropriate patches for your OpenShift AI version.
3. Restart affected services.
4. Verify patch application.
🔧 Temporary Workarounds
Restrict Jupyter notebook access
Limit access to Jupyter notebooks and OpenShift AI interfaces to only essential users
Implement network segmentation
Isolate OpenShift AI components from critical cluster infrastructure
🧯 If You Can't Patch
- Immediately restrict all non-essential user access to OpenShift AI interfaces
- Implement enhanced monitoring for privilege escalation attempts and cluster admin activities
🔍 How to Verify
Check if Vulnerable:
Check OpenShift AI version against affected versions in RHSA advisories
Check Version:
oc get pods -n redhat-ods-applications -l app=rhods-dashboard -o jsonpath='{.items[0].spec.containers[0].image}'
Verify Fix Applied:
Verify OpenShift AI version matches patched versions from RHSA advisories
📡 Detection & Monitoring
Log Indicators:
- Unexpected privilege escalation events
- Cluster admin activities from non-admin users
- Unauthorized access to sensitive resources
Network Indicators:
- Unusual API calls to cluster administration endpoints from user namespaces
SIEM Query:
source="openshift-audit-logs" AND (event="authorization" AND result="allow" AND verb IN ("create","update","delete","patch") AND resource="clusterroles")
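The SIEM query above, expressed against Kubernetes audit event fields, as an added example that is not part of the original advisory. It goes slightly beyond the query by also covering clusterrolebindings and by excluding an allowlist of expected admin identities; the allowlist contents and all sample events are assumptions constructed for illustration.

```python
import json

WRITE_VERBS = {"create", "update", "delete", "patch"}
RBAC_RESOURCES = {"clusterroles", "clusterrolebindings"}  # second entry added here
# Assumption: identities expected to manage cluster RBAC. Adjust per cluster.
ADMIN_USERS = {"system:admin"}
ADMIN_GROUPS = {"system:masters", "system:cluster-admins"}
DECISION = "authorization.k8s.io/decision"  # audit annotation set by the API server

def is_suspicious(event):
    """True when a non-admin identity was allowed to write a cluster RBAC object."""
    user = event.get("user") or {}
    ref = event.get("objectRef") or {}
    if (event.get("annotations") or {}).get(DECISION) != "allow":
        return False
    if event.get("verb") not in WRITE_VERBS or ref.get("resource") not in RBAC_RESOURCES:
        return False
    if user.get("username") in ADMIN_USERS:
        return False
    return not ADMIN_GROUPS & set(user.get("groups") or [])

def scan(lines):
    """Return (username, verb, resource, name) for each suspicious audit event."""
    hits = []
    for line in lines:
        try:
            event = json.loads(line)
        except json.JSONDecodeError:
            continue  # skip truncated or non-JSON lines
        if isinstance(event, dict) and is_suspicious(event):
            user, ref = event.get("user") or {}, event.get("objectRef") or {}
            hits.append((user.get("username"), event["verb"], ref["resource"], ref.get("name")))
    return hits

# Constructed sample audit lines (not taken from a real cluster).
def _ev(username, groups, verb, resource, name, decision):
    return json.dumps({"kind": "Event", "verb": verb, "annotations": {DECISION: decision},
                       "user": {"username": username, "groups": groups},
                       "objectRef": {"resource": resource, "name": name}})

SAMPLE = [
    _ev("system:serviceaccount:example-project:example-notebook", ["system:authenticated"], "patch", "clusterroles", "example-role", "allow"),
    _ev("example-user", ["system:authenticated"], "create", "clusterrolebindings", "example-binding", "allow"),
    _ev("system:admin", ["system:masters"], "update", "clusterroles", "example-role", "allow"),
    _ev("example-user", ["system:authenticated"], "get", "clusterroles", "example-role", "allow"),
    _ev("example-user", ["system:authenticated"], "delete", "clusterroles", "example-role", "forbid"),
    "not json {",
]
if __name__ == "__main__":
    print(*scan(SAMPLE), sep="\n")
```

Operators and controllers that legitimately write cluster RBAC objects will also match until they are added to the allowlist.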
🔗 References
- https://access.redhat.com/errata/RHSA-2025:16981
- https://access.redhat.com/errata/RHSA-2025:16982
- https://access.redhat.com/errata/RHSA-2025:16983
- https://access.redhat.com/errata/RHSA-2025:16984
- https://access.redhat.com/errata/RHSA-2025:17501
- https://access.redhat.com/security/cve/CVE-2025-10725
- https://bugzilla.redhat.com/show_bug.cgi?id=2396641
- https://github.com/opendatahub-io/opendatahub-operator/commit/070057ebd0882be0e397bee1daa18c36374a03c0
- https://github.com/opendatahub-io/opendatahub-operator/pull/2571