A severe security flaw has been disclosed in the Red Hat OpenShift AI service that could allow attackers to escalate privileges and take control of the complete infrastructure under certain conditions.
OpenShift AI is a platform for managing the lifecycle of predictive and generative artificial intelligence (GenAI) models at scale and across hybrid cloud environments. It also facilitates data acquisition and preparation, model training and fine-tuning, model serving and model monitoring, and hardware acceleration.
The vulnerability, tracked as CVE-2025-10725, carries a CVSS score of 9.9 out of a maximum of 10.0. It has been classified by Red Hat as “Important” and not “Critical” in severity owing to the need for a remote attacker to be authenticated in order to compromise the environment.
“A low-privileged attacker with access to an authenticated account, for example, as a data scientist using a standard Jupyter notebook, can escalate their privileges to a full cluster administrator,” Red Hat said in an advisory earlier this week.
“This allows for the complete compromise of the cluster’s confidentiality, integrity, and availability. The attacker can steal sensitive data, disrupt all services, and take control of the underlying infrastructure, leading to a total breach of the platform and all applications hosted on it.”
The following versions are affected by the flaw –
- Red Hat OpenShift AI 2.19
- Red Hat OpenShift AI 2.21
- Red Hat OpenShift AI (RHOAI)
As mitigations, Red Hat is recommending that users avoid granting broad permissions to system-level groups, and “the ClusterRoleBinding that associates the kueue-batch-user-role with the system:authenticated group.”
“The permission to create jobs should be granted on a more granular, as-needed basis to specific users or groups, adhering to the principle of least privilege,” it added.
Source link
Disclaimer
We strive to uphold the highest ethical standards in all of our reporting and coverage. We blogs.grocliq.com want to be transparent with our readers about any potential conflicts of interest that may arise in our work. It’s possible that some of the investors we feature may have connections to other businesses, including competitors or companies we write about. However, we want to assure our readers that this will not have any impact on the integrity or impartiality of our reporting. We are committed to delivering accurate, unbiased news and information to our audience, and we will continue to uphold our ethics and principles in all of our work. Thank you for your trust and support.
Website Upgradation is going on for any glitch kindly connect at [email protected]
