
Red Hat OpenShift AI Flaw Exposes Hybrid Cloud Infrastructure to Full Takeover

A critical security flaw has been disclosed in the Red Hat OpenShift AI service that could allow an attacker to escalate privileges and take control of the entire infrastructure under certain conditions.

OpenShift AI is a platform for managing the lifecycle of predictive and generative artificial intelligence (GenAI) models at scale and across hybrid cloud environments. It also covers data acquisition and preparation, model training and fine-tuning, model serving and model monitoring, and hardware acceleration.

The vulnerability, tracked as CVE-2025-10725, carries a CVSS score of 9.9 out of a maximum of 10.0. Red Hat has rated it "Important" rather than "Critical" in severity because a remote attacker must already hold an authenticated account in order to compromise the environment.

"A low-privileged attacker with access to an authenticated account, for example, as a data scientist using a standard Jupyter notebook, can escalate their privileges to a full cluster administrator," Red Hat said in an advisory earlier this week.


"This allows for the complete compromise of the cluster's confidentiality, integrity, and availability. The attacker can steal sensitive data, disrupt all services, and take control of the underlying infrastructure, leading to a total breach of the platform and all applications hosted on it."


The following versions are affected by the flaw:

  • Red Hat OpenShift AI 2.19
  • Red Hat OpenShift AI 2.21
  • Red Hat OpenShift AI (RHOAI)

As mitigations, Red Hat recommends that users avoid granting broad permissions to system-level groups and, specifically, remove "the ClusterRoleBinding that associates the kueue-batch-user-role with the system:authenticated group." The system:authenticated group contains every logged-in user, so that binding hands the role's rights, cluster-wide, to any account that can sign in, including a data scientist's notebook identity.

"The permission to create jobs should be granted on a more granular, as-needed basis to specific users or groups, adhering to the principle of least privilege," it added.
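To find out whether a cluster still carries that kind of binding, an administrator can dump the ClusterRoleBindings and look for any subject that is a broad system group. The script below is an added example written for this article, not Red Hat tooling: it expects the JSON that `oc get clusterrolebindings -o json` produces, flags every binding whose subjects include a cluster-wide group such as system:authenticated, prints the `oc delete` commands to drop them, and builds a namespaced RoleBinding that grants the same ClusterRole only to a named group. The sample document, the binding name "kueue-batch-user-rolebinding", the namespace "ds-project" and the group "ds-team" are constructed placeholders, not values from the advisory.

```python
"""Audit ClusterRoleBindings for roles granted to broad system groups.

Added example for this article; not Red Hat's tooling. Input is the JSON from
`oc get clusterrolebindings -o json` (a List with `items`). The sample below is
constructed to mirror the kueue-batch-user-role binding the advisory describes.
"""
import json

# Groups that effectively mean "every logged-in user" (or every service account).
# Binding a role to any of these is the broad-permission pattern the advisory warns about.
BROAD_GROUPS = {
    "system:authenticated",
    "system:authenticated:oauth",
    "system:unauthenticated",
    "system:serviceaccounts",
}

# Constructed sample, shaped like `oc get clusterrolebindings -o json` output.
# The binding names and the "ds-team" group are placeholders, not advisory values.
SAMPLE_CRBS = json.loads("""
{
  "apiVersion": "v1",
  "kind": "List",
  "items": [
    {
      "apiVersion": "rbac.authorization.k8s.io/v1",
      "kind": "ClusterRoleBinding",
      "metadata": {"name": "kueue-batch-user-rolebinding"},
      "roleRef": {"apiGroup": "rbac.authorization.k8s.io", "kind": "ClusterRole", "name": "kueue-batch-user-role"},
      "subjects": [
        {"apiGroup": "rbac.authorization.k8s.io", "kind": "Group", "name": "system:authenticated"}
      ]
    },
    {
      "apiVersion": "rbac.authorization.k8s.io/v1",
      "kind": "ClusterRoleBinding",
      "metadata": {"name": "ds-team-batch-users"},
      "roleRef": {"apiGroup": "rbac.authorization.k8s.io", "kind": "ClusterRole", "name": "kueue-batch-user-role"},
      "subjects": [
        {"apiGroup": "rbac.authorization.k8s.io", "kind": "Group", "name": "ds-team"}
      ]
    }
  ]
}
""")


def find_broad_bindings(crb_list, broad_groups=BROAD_GROUPS):
    """Return (binding name, role name, group) for every subject that is a broad group."""
    findings = []
    for item in crb_list.get("items", []):
        role = item.get("roleRef", {}).get("name", "")
        # `subjects` may be absent or null on bindings with no subjects.
        for subj in item.get("subjects") or []:
            if subj.get("kind") == "Group" and subj.get("name") in broad_groups:
                findings.append((item["metadata"]["name"], role, subj["name"]))
    return findings


def remediation_commands(findings):
    """Emit the `oc` commands an admin would run to drop each offending binding."""
    return [f"oc delete clusterrolebinding {name}" for name, _, _ in findings]


def narrowed_rolebinding(name, namespace, role, users=(), groups=()):
    """Build a namespaced RoleBinding granting `role` only to named users/groups.

    A RoleBinding that references the ClusterRole limits the grant to one
    namespace, which is the least-privilege shape the advisory asks for.
    """
    subjects = [{"apiGroup": "rbac.authorization.k8s.io", "kind": "User", "name": u} for u in users]
    subjects += [{"apiGroup": "rbac.authorization.k8s.io", "kind": "Group", "name": g} for g in groups]
    if not subjects:
        raise ValueError("refusing to emit a binding with no subjects")
    return {
        "apiVersion": "rbac.authorization.k8s.io/v1",
        "kind": "RoleBinding",
        "metadata": {"name": name, "namespace": namespace},
        "roleRef": {"apiGroup": "rbac.authorization.k8s.io", "kind": "ClusterRole", "name": role},
        "subjects": subjects,
    }


if __name__ == "__main__":
    hits = find_broad_bindings(SAMPLE_CRBS)
    for name, role, group in hits:
        print(f"BROAD: ClusterRoleBinding/{name} grants {role} to {group}")
    for cmd in remediation_commands(hits):
        print(cmd)
    # Replacement binding scoped to one project and one named group (placeholders).
    print(json.dumps(narrowed_rolebinding("batch-users", "ds-project",
                                          "kueue-batch-user-role", groups=["ds-team"]), indent=2))
```

Run it against a live cluster by replacing `SAMPLE_CRBS` with `json.load(open("crbs.json"))` after `oc get clusterrolebindings -o json > crbs.json`; the second sample binding, scoped to a named group, is deliberately left unflagged to show the shape a compliant binding takes. Deleting the broad binding removes job-creation rights from every authenticated user at once, so apply the narrowed RoleBinding for the teams that genuinely need the role before removing the old one.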
