rhba-2025:16984
Vulnerability from csaf_redhat
Published
2025-09-29 17:16
Modified
2025-10-02 15:12
Summary
Red Hat Bug Fix Advisory: RHOAI 2.19.0 - Red Hat OpenShift AI
Notes
Topic
Updated images are now available for Red Hat OpenShift AI. Note that although this is published as a Bug Fix Advisory (RHBA) rather than a Security Advisory, it carries an aggregate severity of Important and addresses CVE-2025-10725 (privilege escalation from an authenticated low-privileged user to cluster administrator) and CVE-2025-57852; patching workflows that filter on the RHSA prefix alone will miss it.
Details
Release of RHOAI 2.19.0 provides these changes: updated odh-rhel8-operator images (amd64, ppc64le, s390x, arm64) that fix CVE-2025-10725, and an updated odh-modelmesh-rhel8 image (amd64) that fixes CVE-2025-57852. The remaining images in this advisory (odh-dashboard-rhel8, odh-operator-bundle) are flagged as not containing the vulnerable code; see the vulnerabilities section below for per-image status.
Terms of Use
This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
{ "document": { "aggregate_severity": { "namespace": "https://access.redhat.com/security/updates/classification/", "text": "Important" }, "category": "csaf_security_advisory", "csaf_version": "2.0", "distribution": { "text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.", "tlp": { "label": "WHITE", "url": "https://www.first.org/tlp/" } }, "lang": "en", "notes": [ { "category": "summary", "text": "Updated images are now available for Red Hat OpenShift AI.", "title": "Topic" }, { "category": "general", "text": "Release of RHOAI 2.19.0 provides these changes:", "title": "Details" }, { "category": "legal_disclaimer", "text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.", "title": "Terms of Use" } ], "publisher": { "category": "vendor", "contact_details": "https://access.redhat.com/security/team/contact/", "issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.", "name": "Red Hat Product Security", "namespace": "https://www.redhat.com" }, "references": [ { "category": "self", "summary": "https://access.redhat.com/errata/RHBA-2025:16984", "url": "https://access.redhat.com/errata/RHBA-2025:16984" }, { "category": "external", "summary": "https://docs.redhat.com/en/documentation/red_hat_openshift_ai/", "url": "https://docs.redhat.com/en/documentation/red_hat_openshift_ai/" }, { "category": "external", "summary": "https://access.redhat.com/security/updates/classification/", "url": "https://access.redhat.com/security/updates/classification/" }, { "category": "external", "summary": "https://access.redhat.com/security/cve/cve-2025-10725", "url": "https://access.redhat.com/security/cve/cve-2025-10725" }, { "category": "external", "summary": 
"https://access.redhat.com/security/cve/cve-2025-57852", "url": "https://access.redhat.com/security/cve/cve-2025-57852" }, { "category": "self", "summary": "Canonical URL", "url": "https://security.access.redhat.com/data/csaf/v2/advisories/2025/rhba-2025_16984.json" } ], "title": "Red Hat Bug Fix Advisory: RHOAI 2.19.0 - Red Hat OpenShift AI", "tracking": { "current_release_date": "2025-10-02T15:12:21+00:00", "generator": { "date": "2025-10-02T15:12:21+00:00", "engine": { "name": "Red Hat SDEngine", "version": "4.6.8" } }, "id": "RHBA-2025:16984", "initial_release_date": "2025-09-29T17:16:20+00:00", "revision_history": [ { "date": "2025-09-29T17:16:20+00:00", "number": "1", "summary": "Initial version" }, { "date": "2025-09-30T16:12:00+00:00", "number": "2", "summary": "Last updated version" }, { "date": "2025-10-02T15:12:21+00:00", "number": "3", "summary": "Last generated version" } ], "status": "final", "version": "3" } }, "product_tree": { "branches": [ { "branches": [ { "branches": [ { "category": "product_name", "name": "Red Hat OpenShift AI 2.19", "product": { "name": "Red Hat OpenShift AI 2.19", "product_id": "Red Hat OpenShift AI 2.19", "product_identification_helper": { "cpe": "cpe:/a:redhat:openshift_ai:2.19::el8" } } } ], "category": "product_family", "name": "Red Hat OpenShift AI" }, { "branches": [ { "category": "product_version", "name": "registry.redhat.io/rhoai/odh-dashboard-rhel8@sha256:d316259cc9d5555c2137ba177375f64ca297ce7b3dde7ec66edb8567e110a0da_amd64", "product": { "name": "registry.redhat.io/rhoai/odh-dashboard-rhel8@sha256:d316259cc9d5555c2137ba177375f64ca297ce7b3dde7ec66edb8567e110a0da_amd64", "product_id": "registry.redhat.io/rhoai/odh-dashboard-rhel8@sha256:d316259cc9d5555c2137ba177375f64ca297ce7b3dde7ec66edb8567e110a0da_amd64", "product_identification_helper": { "purl": 
"pkg:oci/odh-dashboard-rhel8@sha256%3Ad316259cc9d5555c2137ba177375f64ca297ce7b3dde7ec66edb8567e110a0da?arch=amd64\u0026repository_url=registry.redhat.io/rhoai\u0026tag=v2.19.3-1758705248" } } }, { "category": "product_version", "name": "registry.redhat.io/rhoai/odh-modelmesh-rhel8@sha256:53ac36baa374159b9065c718a9ede821bbb61d9ebe9502b2243e0a9f7aca0d16_amd64", "product": { "name": "registry.redhat.io/rhoai/odh-modelmesh-rhel8@sha256:53ac36baa374159b9065c718a9ede821bbb61d9ebe9502b2243e0a9f7aca0d16_amd64", "product_id": "registry.redhat.io/rhoai/odh-modelmesh-rhel8@sha256:53ac36baa374159b9065c718a9ede821bbb61d9ebe9502b2243e0a9f7aca0d16_amd64", "product_identification_helper": { "purl": "pkg:oci/odh-modelmesh-rhel8@sha256%3A53ac36baa374159b9065c718a9ede821bbb61d9ebe9502b2243e0a9f7aca0d16?arch=amd64\u0026repository_url=registry.redhat.io/rhoai" } } }, { "category": "product_version", "name": "registry.redhat.io/rhoai/odh-operator-bundle@sha256:a6e02e1876fd5382ba4921dd65650b2d747666feb96c839f34e99d2972dfc323_amd64", "product": { "name": "registry.redhat.io/rhoai/odh-operator-bundle@sha256:a6e02e1876fd5382ba4921dd65650b2d747666feb96c839f34e99d2972dfc323_amd64", "product_id": "registry.redhat.io/rhoai/odh-operator-bundle@sha256:a6e02e1876fd5382ba4921dd65650b2d747666feb96c839f34e99d2972dfc323_amd64", "product_identification_helper": { "purl": "pkg:oci/odh-operator-bundle@sha256%3Aa6e02e1876fd5382ba4921dd65650b2d747666feb96c839f34e99d2972dfc323?arch=amd64\u0026repository_url=registry.redhat.io/rhoai\u0026tag=v2.19.3-1758720462" } } }, { "category": "product_version", "name": "registry.redhat.io/rhoai/odh-rhel8-operator@sha256:03e5cbae0925efac7fd0adfb14f4317c48a7efdbdd54c7804db92a2efb3b2bfc_amd64", "product": { "name": "registry.redhat.io/rhoai/odh-rhel8-operator@sha256:03e5cbae0925efac7fd0adfb14f4317c48a7efdbdd54c7804db92a2efb3b2bfc_amd64", "product_id": 
"registry.redhat.io/rhoai/odh-rhel8-operator@sha256:03e5cbae0925efac7fd0adfb14f4317c48a7efdbdd54c7804db92a2efb3b2bfc_amd64", "product_identification_helper": { "purl": "pkg:oci/odh-rhel8-operator@sha256%3A03e5cbae0925efac7fd0adfb14f4317c48a7efdbdd54c7804db92a2efb3b2bfc?arch=amd64\u0026repository_url=registry.redhat.io/rhoai\u0026tag=v2.19.3-1758715871" } } } ], "category": "architecture", "name": "amd64" }, { "branches": [ { "category": "product_version", "name": "registry.redhat.io/rhoai/odh-dashboard-rhel8@sha256:a03e4403f33af3ab32dd42d8bf8762aea079bd14d66f0543f525453acb048c80_ppc64le", "product": { "name": "registry.redhat.io/rhoai/odh-dashboard-rhel8@sha256:a03e4403f33af3ab32dd42d8bf8762aea079bd14d66f0543f525453acb048c80_ppc64le", "product_id": "registry.redhat.io/rhoai/odh-dashboard-rhel8@sha256:a03e4403f33af3ab32dd42d8bf8762aea079bd14d66f0543f525453acb048c80_ppc64le", "product_identification_helper": { "purl": "pkg:oci/odh-dashboard-rhel8@sha256%3Aa03e4403f33af3ab32dd42d8bf8762aea079bd14d66f0543f525453acb048c80?arch=ppc64le\u0026repository_url=registry.redhat.io/rhoai\u0026tag=v2.19.3-1758705248" } } }, { "category": "product_version", "name": "registry.redhat.io/rhoai/odh-rhel8-operator@sha256:43a8904396e55074ffb1afcfcd8fe6db0edcbc918a8ff8301b6b0920aea7eabf_ppc64le", "product": { "name": "registry.redhat.io/rhoai/odh-rhel8-operator@sha256:43a8904396e55074ffb1afcfcd8fe6db0edcbc918a8ff8301b6b0920aea7eabf_ppc64le", "product_id": "registry.redhat.io/rhoai/odh-rhel8-operator@sha256:43a8904396e55074ffb1afcfcd8fe6db0edcbc918a8ff8301b6b0920aea7eabf_ppc64le", "product_identification_helper": { "purl": "pkg:oci/odh-rhel8-operator@sha256%3A43a8904396e55074ffb1afcfcd8fe6db0edcbc918a8ff8301b6b0920aea7eabf?arch=ppc64le\u0026repository_url=registry.redhat.io/rhoai\u0026tag=v2.19.3-1758715871" } } } ], "category": "architecture", "name": "ppc64le" }, { "branches": [ { "category": "product_version", "name": 
"registry.redhat.io/rhoai/odh-dashboard-rhel8@sha256:e2b51a0d81397f7318c655b76f2952bd08e333ba56aa89053357b39514c23686_s390x", "product": { "name": "registry.redhat.io/rhoai/odh-dashboard-rhel8@sha256:e2b51a0d81397f7318c655b76f2952bd08e333ba56aa89053357b39514c23686_s390x", "product_id": "registry.redhat.io/rhoai/odh-dashboard-rhel8@sha256:e2b51a0d81397f7318c655b76f2952bd08e333ba56aa89053357b39514c23686_s390x", "product_identification_helper": { "purl": "pkg:oci/odh-dashboard-rhel8@sha256%3Ae2b51a0d81397f7318c655b76f2952bd08e333ba56aa89053357b39514c23686?arch=s390x\u0026repository_url=registry.redhat.io/rhoai\u0026tag=v2.19.3-1758705248" } } }, { "category": "product_version", "name": "registry.redhat.io/rhoai/odh-rhel8-operator@sha256:74858d557494f60d4abaa5491b0db312a77bfb83709447b11396a0cf74bec623_s390x", "product": { "name": "registry.redhat.io/rhoai/odh-rhel8-operator@sha256:74858d557494f60d4abaa5491b0db312a77bfb83709447b11396a0cf74bec623_s390x", "product_id": "registry.redhat.io/rhoai/odh-rhel8-operator@sha256:74858d557494f60d4abaa5491b0db312a77bfb83709447b11396a0cf74bec623_s390x", "product_identification_helper": { "purl": "pkg:oci/odh-rhel8-operator@sha256%3A74858d557494f60d4abaa5491b0db312a77bfb83709447b11396a0cf74bec623?arch=s390x\u0026repository_url=registry.redhat.io/rhoai\u0026tag=v2.19.3-1758715871" } } } ], "category": "architecture", "name": "s390x" }, { "branches": [ { "category": "product_version", "name": "registry.redhat.io/rhoai/odh-rhel8-operator@sha256:f9b4d952ca1ca80ecba82dec8f638f01a70de7404231e572ac2f51d5d31d5d28_arm64", "product": { "name": "registry.redhat.io/rhoai/odh-rhel8-operator@sha256:f9b4d952ca1ca80ecba82dec8f638f01a70de7404231e572ac2f51d5d31d5d28_arm64", "product_id": "registry.redhat.io/rhoai/odh-rhel8-operator@sha256:f9b4d952ca1ca80ecba82dec8f638f01a70de7404231e572ac2f51d5d31d5d28_arm64", "product_identification_helper": { "purl": 
"pkg:oci/odh-rhel8-operator@sha256%3Af9b4d952ca1ca80ecba82dec8f638f01a70de7404231e572ac2f51d5d31d5d28?arch=arm64\u0026repository_url=registry.redhat.io/rhoai\u0026tag=v2.19.3-1758715871" } } } ], "category": "architecture", "name": "arm64" } ], "category": "vendor", "name": "Red Hat" } ], "relationships": [ { "category": "default_component_of", "full_product_name": { "name": "registry.redhat.io/rhoai/odh-dashboard-rhel8@sha256:a03e4403f33af3ab32dd42d8bf8762aea079bd14d66f0543f525453acb048c80_ppc64le as a component of Red Hat OpenShift AI 2.19", "product_id": "Red Hat OpenShift AI 2.19:registry.redhat.io/rhoai/odh-dashboard-rhel8@sha256:a03e4403f33af3ab32dd42d8bf8762aea079bd14d66f0543f525453acb048c80_ppc64le" }, "product_reference": "registry.redhat.io/rhoai/odh-dashboard-rhel8@sha256:a03e4403f33af3ab32dd42d8bf8762aea079bd14d66f0543f525453acb048c80_ppc64le", "relates_to_product_reference": "Red Hat OpenShift AI 2.19" }, { "category": "default_component_of", "full_product_name": { "name": "registry.redhat.io/rhoai/odh-dashboard-rhel8@sha256:d316259cc9d5555c2137ba177375f64ca297ce7b3dde7ec66edb8567e110a0da_amd64 as a component of Red Hat OpenShift AI 2.19", "product_id": "Red Hat OpenShift AI 2.19:registry.redhat.io/rhoai/odh-dashboard-rhel8@sha256:d316259cc9d5555c2137ba177375f64ca297ce7b3dde7ec66edb8567e110a0da_amd64" }, "product_reference": "registry.redhat.io/rhoai/odh-dashboard-rhel8@sha256:d316259cc9d5555c2137ba177375f64ca297ce7b3dde7ec66edb8567e110a0da_amd64", "relates_to_product_reference": "Red Hat OpenShift AI 2.19" }, { "category": "default_component_of", "full_product_name": { "name": "registry.redhat.io/rhoai/odh-dashboard-rhel8@sha256:e2b51a0d81397f7318c655b76f2952bd08e333ba56aa89053357b39514c23686_s390x as a component of Red Hat OpenShift AI 2.19", "product_id": "Red Hat OpenShift AI 2.19:registry.redhat.io/rhoai/odh-dashboard-rhel8@sha256:e2b51a0d81397f7318c655b76f2952bd08e333ba56aa89053357b39514c23686_s390x" }, "product_reference": 
"registry.redhat.io/rhoai/odh-dashboard-rhel8@sha256:e2b51a0d81397f7318c655b76f2952bd08e333ba56aa89053357b39514c23686_s390x", "relates_to_product_reference": "Red Hat OpenShift AI 2.19" }, { "category": "default_component_of", "full_product_name": { "name": "registry.redhat.io/rhoai/odh-modelmesh-rhel8@sha256:53ac36baa374159b9065c718a9ede821bbb61d9ebe9502b2243e0a9f7aca0d16_amd64 as a component of Red Hat OpenShift AI 2.19", "product_id": "Red Hat OpenShift AI 2.19:registry.redhat.io/rhoai/odh-modelmesh-rhel8@sha256:53ac36baa374159b9065c718a9ede821bbb61d9ebe9502b2243e0a9f7aca0d16_amd64" }, "product_reference": "registry.redhat.io/rhoai/odh-modelmesh-rhel8@sha256:53ac36baa374159b9065c718a9ede821bbb61d9ebe9502b2243e0a9f7aca0d16_amd64", "relates_to_product_reference": "Red Hat OpenShift AI 2.19" }, { "category": "default_component_of", "full_product_name": { "name": "registry.redhat.io/rhoai/odh-operator-bundle@sha256:a6e02e1876fd5382ba4921dd65650b2d747666feb96c839f34e99d2972dfc323_amd64 as a component of Red Hat OpenShift AI 2.19", "product_id": "Red Hat OpenShift AI 2.19:registry.redhat.io/rhoai/odh-operator-bundle@sha256:a6e02e1876fd5382ba4921dd65650b2d747666feb96c839f34e99d2972dfc323_amd64" }, "product_reference": "registry.redhat.io/rhoai/odh-operator-bundle@sha256:a6e02e1876fd5382ba4921dd65650b2d747666feb96c839f34e99d2972dfc323_amd64", "relates_to_product_reference": "Red Hat OpenShift AI 2.19" }, { "category": "default_component_of", "full_product_name": { "name": "registry.redhat.io/rhoai/odh-rhel8-operator@sha256:03e5cbae0925efac7fd0adfb14f4317c48a7efdbdd54c7804db92a2efb3b2bfc_amd64 as a component of Red Hat OpenShift AI 2.19", "product_id": "Red Hat OpenShift AI 2.19:registry.redhat.io/rhoai/odh-rhel8-operator@sha256:03e5cbae0925efac7fd0adfb14f4317c48a7efdbdd54c7804db92a2efb3b2bfc_amd64" }, "product_reference": "registry.redhat.io/rhoai/odh-rhel8-operator@sha256:03e5cbae0925efac7fd0adfb14f4317c48a7efdbdd54c7804db92a2efb3b2bfc_amd64", 
"relates_to_product_reference": "Red Hat OpenShift AI 2.19" }, { "category": "default_component_of", "full_product_name": { "name": "registry.redhat.io/rhoai/odh-rhel8-operator@sha256:43a8904396e55074ffb1afcfcd8fe6db0edcbc918a8ff8301b6b0920aea7eabf_ppc64le as a component of Red Hat OpenShift AI 2.19", "product_id": "Red Hat OpenShift AI 2.19:registry.redhat.io/rhoai/odh-rhel8-operator@sha256:43a8904396e55074ffb1afcfcd8fe6db0edcbc918a8ff8301b6b0920aea7eabf_ppc64le" }, "product_reference": "registry.redhat.io/rhoai/odh-rhel8-operator@sha256:43a8904396e55074ffb1afcfcd8fe6db0edcbc918a8ff8301b6b0920aea7eabf_ppc64le", "relates_to_product_reference": "Red Hat OpenShift AI 2.19" }, { "category": "default_component_of", "full_product_name": { "name": "registry.redhat.io/rhoai/odh-rhel8-operator@sha256:74858d557494f60d4abaa5491b0db312a77bfb83709447b11396a0cf74bec623_s390x as a component of Red Hat OpenShift AI 2.19", "product_id": "Red Hat OpenShift AI 2.19:registry.redhat.io/rhoai/odh-rhel8-operator@sha256:74858d557494f60d4abaa5491b0db312a77bfb83709447b11396a0cf74bec623_s390x" }, "product_reference": "registry.redhat.io/rhoai/odh-rhel8-operator@sha256:74858d557494f60d4abaa5491b0db312a77bfb83709447b11396a0cf74bec623_s390x", "relates_to_product_reference": "Red Hat OpenShift AI 2.19" }, { "category": "default_component_of", "full_product_name": { "name": "registry.redhat.io/rhoai/odh-rhel8-operator@sha256:f9b4d952ca1ca80ecba82dec8f638f01a70de7404231e572ac2f51d5d31d5d28_arm64 as a component of Red Hat OpenShift AI 2.19", "product_id": "Red Hat OpenShift AI 2.19:registry.redhat.io/rhoai/odh-rhel8-operator@sha256:f9b4d952ca1ca80ecba82dec8f638f01a70de7404231e572ac2f51d5d31d5d28_arm64" }, "product_reference": "registry.redhat.io/rhoai/odh-rhel8-operator@sha256:f9b4d952ca1ca80ecba82dec8f638f01a70de7404231e572ac2f51d5d31d5d28_arm64", "relates_to_product_reference": "Red Hat OpenShift AI 2.19" } ] }, "vulnerabilities": [ { "cve": "CVE-2025-10725", "cwe": { "id": "CWE-266", "name": 
"Incorrect Privilege Assignment" }, "discovery_date": "2025-09-19T08:42:33.326000+00:00", "flags": [ { "label": "vulnerable_code_not_present", "product_ids": [ "Red Hat OpenShift AI 2.19:registry.redhat.io/rhoai/odh-dashboard-rhel8@sha256:a03e4403f33af3ab32dd42d8bf8762aea079bd14d66f0543f525453acb048c80_ppc64le", "Red Hat OpenShift AI 2.19:registry.redhat.io/rhoai/odh-dashboard-rhel8@sha256:d316259cc9d5555c2137ba177375f64ca297ce7b3dde7ec66edb8567e110a0da_amd64", "Red Hat OpenShift AI 2.19:registry.redhat.io/rhoai/odh-dashboard-rhel8@sha256:e2b51a0d81397f7318c655b76f2952bd08e333ba56aa89053357b39514c23686_s390x", "Red Hat OpenShift AI 2.19:registry.redhat.io/rhoai/odh-modelmesh-rhel8@sha256:53ac36baa374159b9065c718a9ede821bbb61d9ebe9502b2243e0a9f7aca0d16_amd64", "Red Hat OpenShift AI 2.19:registry.redhat.io/rhoai/odh-operator-bundle@sha256:a6e02e1876fd5382ba4921dd65650b2d747666feb96c839f34e99d2972dfc323_amd64" ] } ], "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2396641" } ], "notes": [ { "category": "description", "text": "A flaw was found in Red Hat Openshift AI Service. A low-privileged attacker with access to an authenticated account, for example as a data scientist using a standard Jupyter notebook, can escalate their privileges to a full cluster administrator. This allows for the complete compromise of the cluster\u0027s confidentiality, integrity, and availability. 
The attacker can steal sensitive data, disrupt all services, and take control of the underlying infrastructure, leading to a total breach of the platform and all applications hosted on it.", "title": "Vulnerability description" }, { "category": "summary", "text": "openshift-ai: Overly Permissive ClusterRole Allows Authenticated Users to Escalate Privileges to Cluster Admin", "title": "Vulnerability summary" }, { "category": "other", "text": "Red Hat Security Ratings classify this as Important rather than Critical because the remote attacker must first hold an authenticated account on the platform (even a minimally privileged one, such as a data-scientist user) in order to jeopardize an environment. See https://access.redhat.com/security/updates/classification for the rating criteria. The fix is delivered in the odh-rhel8-operator images, which own the affected ClusterRole; updating the operator is what applies the corrected RBAC.", "title": "Statement" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "Red Hat OpenShift AI 2.19:registry.redhat.io/rhoai/odh-rhel8-operator@sha256:03e5cbae0925efac7fd0adfb14f4317c48a7efdbdd54c7804db92a2efb3b2bfc_amd64", "Red Hat OpenShift AI 2.19:registry.redhat.io/rhoai/odh-rhel8-operator@sha256:43a8904396e55074ffb1afcfcd8fe6db0edcbc918a8ff8301b6b0920aea7eabf_ppc64le", "Red Hat OpenShift AI 2.19:registry.redhat.io/rhoai/odh-rhel8-operator@sha256:74858d557494f60d4abaa5491b0db312a77bfb83709447b11396a0cf74bec623_s390x", "Red Hat OpenShift AI 2.19:registry.redhat.io/rhoai/odh-rhel8-operator@sha256:f9b4d952ca1ca80ecba82dec8f638f01a70de7404231e572ac2f51d5d31d5d28_arm64" ], "known_not_affected": [ "Red Hat OpenShift AI 2.19:registry.redhat.io/rhoai/odh-dashboard-rhel8@sha256:a03e4403f33af3ab32dd42d8bf8762aea079bd14d66f0543f525453acb048c80_ppc64le", "Red Hat OpenShift AI 2.19:registry.redhat.io/rhoai/odh-dashboard-rhel8@sha256:d316259cc9d5555c2137ba177375f64ca297ce7b3dde7ec66edb8567e110a0da_amd64", "Red Hat OpenShift AI 
2.19:registry.redhat.io/rhoai/odh-dashboard-rhel8@sha256:e2b51a0d81397f7318c655b76f2952bd08e333ba56aa89053357b39514c23686_s390x", "Red Hat OpenShift AI 2.19:registry.redhat.io/rhoai/odh-modelmesh-rhel8@sha256:53ac36baa374159b9065c718a9ede821bbb61d9ebe9502b2243e0a9f7aca0d16_amd64", "Red Hat OpenShift AI 2.19:registry.redhat.io/rhoai/odh-operator-bundle@sha256:a6e02e1876fd5382ba4921dd65650b2d747666feb96c839f34e99d2972dfc323_amd64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2025-10725" }, { "category": "external", "summary": "RHBZ#2396641", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2396641" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2025-10725", "url": "https://www.cve.org/CVERecord?id=CVE-2025-10725" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-10725", "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-10725" } ], "release_date": "2025-09-29T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2025-09-29T17:16:20+00:00", "details": "For Red Hat OpenShift AI 2.19.0 see the following documentation, which will be updated shortly for this release, for important instructions on how to upgrade your cluster and fully apply this errata update:\n\nhttps://docs.redhat.com/en/documentation/red_hat_openshift_ai/", "product_ids": [ "Red Hat OpenShift AI 2.19:registry.redhat.io/rhoai/odh-rhel8-operator@sha256:03e5cbae0925efac7fd0adfb14f4317c48a7efdbdd54c7804db92a2efb3b2bfc_amd64", "Red Hat OpenShift AI 2.19:registry.redhat.io/rhoai/odh-rhel8-operator@sha256:43a8904396e55074ffb1afcfcd8fe6db0edcbc918a8ff8301b6b0920aea7eabf_ppc64le", "Red Hat OpenShift AI 2.19:registry.redhat.io/rhoai/odh-rhel8-operator@sha256:74858d557494f60d4abaa5491b0db312a77bfb83709447b11396a0cf74bec623_s390x", "Red Hat OpenShift AI 
2.19:registry.redhat.io/rhoai/odh-rhel8-operator@sha256:f9b4d952ca1ca80ecba82dec8f638f01a70de7404231e572ac2f51d5d31d5d28_arm64" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHBA-2025:16984" }, { "category": "workaround", "details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.", "product_ids": [ "Red Hat OpenShift AI 2.19:registry.redhat.io/rhoai/odh-dashboard-rhel8@sha256:a03e4403f33af3ab32dd42d8bf8762aea079bd14d66f0543f525453acb048c80_ppc64le", "Red Hat OpenShift AI 2.19:registry.redhat.io/rhoai/odh-dashboard-rhel8@sha256:d316259cc9d5555c2137ba177375f64ca297ce7b3dde7ec66edb8567e110a0da_amd64", "Red Hat OpenShift AI 2.19:registry.redhat.io/rhoai/odh-dashboard-rhel8@sha256:e2b51a0d81397f7318c655b76f2952bd08e333ba56aa89053357b39514c23686_s390x", "Red Hat OpenShift AI 2.19:registry.redhat.io/rhoai/odh-modelmesh-rhel8@sha256:53ac36baa374159b9065c718a9ede821bbb61d9ebe9502b2243e0a9f7aca0d16_amd64", "Red Hat OpenShift AI 2.19:registry.redhat.io/rhoai/odh-operator-bundle@sha256:a6e02e1876fd5382ba4921dd65650b2d747666feb96c839f34e99d2972dfc323_amd64", "Red Hat OpenShift AI 2.19:registry.redhat.io/rhoai/odh-rhel8-operator@sha256:03e5cbae0925efac7fd0adfb14f4317c48a7efdbdd54c7804db92a2efb3b2bfc_amd64", "Red Hat OpenShift AI 2.19:registry.redhat.io/rhoai/odh-rhel8-operator@sha256:43a8904396e55074ffb1afcfcd8fe6db0edcbc918a8ff8301b6b0920aea7eabf_ppc64le", "Red Hat OpenShift AI 2.19:registry.redhat.io/rhoai/odh-rhel8-operator@sha256:74858d557494f60d4abaa5491b0db312a77bfb83709447b11396a0cf74bec623_s390x", "Red Hat OpenShift AI 2.19:registry.redhat.io/rhoai/odh-rhel8-operator@sha256:f9b4d952ca1ca80ecba82dec8f638f01a70de7404231e572ac2f51d5d31d5d28_arm64" ] } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", 
"availabilityImpact": "HIGH", "baseScore": 9.9, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "CHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H", "version": "3.1" }, "products": [ "Red Hat OpenShift AI 2.19:registry.redhat.io/rhoai/odh-dashboard-rhel8@sha256:a03e4403f33af3ab32dd42d8bf8762aea079bd14d66f0543f525453acb048c80_ppc64le", "Red Hat OpenShift AI 2.19:registry.redhat.io/rhoai/odh-dashboard-rhel8@sha256:d316259cc9d5555c2137ba177375f64ca297ce7b3dde7ec66edb8567e110a0da_amd64", "Red Hat OpenShift AI 2.19:registry.redhat.io/rhoai/odh-dashboard-rhel8@sha256:e2b51a0d81397f7318c655b76f2952bd08e333ba56aa89053357b39514c23686_s390x", "Red Hat OpenShift AI 2.19:registry.redhat.io/rhoai/odh-modelmesh-rhel8@sha256:53ac36baa374159b9065c718a9ede821bbb61d9ebe9502b2243e0a9f7aca0d16_amd64", "Red Hat OpenShift AI 2.19:registry.redhat.io/rhoai/odh-operator-bundle@sha256:a6e02e1876fd5382ba4921dd65650b2d747666feb96c839f34e99d2972dfc323_amd64", "Red Hat OpenShift AI 2.19:registry.redhat.io/rhoai/odh-rhel8-operator@sha256:03e5cbae0925efac7fd0adfb14f4317c48a7efdbdd54c7804db92a2efb3b2bfc_amd64", "Red Hat OpenShift AI 2.19:registry.redhat.io/rhoai/odh-rhel8-operator@sha256:43a8904396e55074ffb1afcfcd8fe6db0edcbc918a8ff8301b6b0920aea7eabf_ppc64le", "Red Hat OpenShift AI 2.19:registry.redhat.io/rhoai/odh-rhel8-operator@sha256:74858d557494f60d4abaa5491b0db312a77bfb83709447b11396a0cf74bec623_s390x", "Red Hat OpenShift AI 2.19:registry.redhat.io/rhoai/odh-rhel8-operator@sha256:f9b4d952ca1ca80ecba82dec8f638f01a70de7404231e572ac2f51d5d31d5d28_arm64" ] } ], "threats": [ { "category": "impact", "details": "Important" } ], "title": "openshift-ai: Overly Permissive ClusterRole Allows Authenticated Users to Escalate Privileges to Cluster Admin" }, { "acknowledgments": [ { "names": [ "Michael Whale", "Antony Di Scala" ] } ], "cve": "CVE-2025-57852", "cwe": { "id": 
"CWE-276", "name": "Incorrect Default Permissions" }, "discovery_date": "2025-08-26T00:00:00+00:00", "flags": [ { "label": "vulnerable_code_not_present", "product_ids": [ "Red Hat OpenShift AI 2.19:registry.redhat.io/rhoai/odh-dashboard-rhel8@sha256:a03e4403f33af3ab32dd42d8bf8762aea079bd14d66f0543f525453acb048c80_ppc64le", "Red Hat OpenShift AI 2.19:registry.redhat.io/rhoai/odh-dashboard-rhel8@sha256:d316259cc9d5555c2137ba177375f64ca297ce7b3dde7ec66edb8567e110a0da_amd64", "Red Hat OpenShift AI 2.19:registry.redhat.io/rhoai/odh-dashboard-rhel8@sha256:e2b51a0d81397f7318c655b76f2952bd08e333ba56aa89053357b39514c23686_s390x", "Red Hat OpenShift AI 2.19:registry.redhat.io/rhoai/odh-operator-bundle@sha256:a6e02e1876fd5382ba4921dd65650b2d747666feb96c839f34e99d2972dfc323_amd64", "Red Hat OpenShift AI 2.19:registry.redhat.io/rhoai/odh-rhel8-operator@sha256:03e5cbae0925efac7fd0adfb14f4317c48a7efdbdd54c7804db92a2efb3b2bfc_amd64", "Red Hat OpenShift AI 2.19:registry.redhat.io/rhoai/odh-rhel8-operator@sha256:43a8904396e55074ffb1afcfcd8fe6db0edcbc918a8ff8301b6b0920aea7eabf_ppc64le", "Red Hat OpenShift AI 2.19:registry.redhat.io/rhoai/odh-rhel8-operator@sha256:74858d557494f60d4abaa5491b0db312a77bfb83709447b11396a0cf74bec623_s390x", "Red Hat OpenShift AI 2.19:registry.redhat.io/rhoai/odh-rhel8-operator@sha256:f9b4d952ca1ca80ecba82dec8f638f01a70de7404231e572ac2f51d5d31d5d28_arm64" ] } ], "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2391105" } ], "notes": [ { "category": "description", "text": "A container privilege escalation flaw was found in KServe ModelMesh container images. This issue stems from the /etc/passwd file being created with group-writable permissions during build time. In certain conditions, an attacker who can execute commands within an affected container, even as a non-root user, can leverage their membership in the root group to modify the /etc/passwd file. 
This could allow the attacker to add a new user with any arbitrary UID, including UID 0, leading to full root privileges within the container.", "title": "Vulnerability description" }, { "category": "summary", "text": "openshift-ai: privilege escalation via excessive /etc/passwd permissions", "title": "Vulnerability summary" }, { "category": "other", "text": "Red Hat Security Ratings classify this as a Low and not Moderate in Red Hat OpenShift AI due to the restrictive SCC profile used for the ModelMesh containers. The restricted-v2 SCC mitigates this vulnerability by dropping the CAP_SETUID and CAP_SETGID capabilities, so setuid()/setgid() calls from processes within the container fail and an entry added to /etc/passwd cannot be used to switch to UID 0. This mitigation holds only where the ModelMesh pods are actually admitted under restricted-v2; a deployment that grants the serving service account a more permissive SCC would not benefit from it, so the fixed odh-modelmesh-rhel8 image should still be deployed.", "title": "Statement" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "Red Hat OpenShift AI 2.19:registry.redhat.io/rhoai/odh-modelmesh-rhel8@sha256:53ac36baa374159b9065c718a9ede821bbb61d9ebe9502b2243e0a9f7aca0d16_amd64" ], "known_not_affected": [ "Red Hat OpenShift AI 2.19:registry.redhat.io/rhoai/odh-dashboard-rhel8@sha256:a03e4403f33af3ab32dd42d8bf8762aea079bd14d66f0543f525453acb048c80_ppc64le", "Red Hat OpenShift AI 2.19:registry.redhat.io/rhoai/odh-dashboard-rhel8@sha256:d316259cc9d5555c2137ba177375f64ca297ce7b3dde7ec66edb8567e110a0da_amd64", "Red Hat OpenShift AI 2.19:registry.redhat.io/rhoai/odh-dashboard-rhel8@sha256:e2b51a0d81397f7318c655b76f2952bd08e333ba56aa89053357b39514c23686_s390x", "Red Hat OpenShift AI 2.19:registry.redhat.io/rhoai/odh-operator-bundle@sha256:a6e02e1876fd5382ba4921dd65650b2d747666feb96c839f34e99d2972dfc323_amd64", "Red Hat OpenShift AI 
2.19:registry.redhat.io/rhoai/odh-rhel8-operator@sha256:03e5cbae0925efac7fd0adfb14f4317c48a7efdbdd54c7804db92a2efb3b2bfc_amd64", "Red Hat OpenShift AI 2.19:registry.redhat.io/rhoai/odh-rhel8-operator@sha256:43a8904396e55074ffb1afcfcd8fe6db0edcbc918a8ff8301b6b0920aea7eabf_ppc64le", "Red Hat OpenShift AI 2.19:registry.redhat.io/rhoai/odh-rhel8-operator@sha256:74858d557494f60d4abaa5491b0db312a77bfb83709447b11396a0cf74bec623_s390x", "Red Hat OpenShift AI 2.19:registry.redhat.io/rhoai/odh-rhel8-operator@sha256:f9b4d952ca1ca80ecba82dec8f638f01a70de7404231e572ac2f51d5d31d5d28_arm64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2025-57852" }, { "category": "external", "summary": "RHBZ#2391105", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2391105" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2025-57852", "url": "https://www.cve.org/CVERecord?id=CVE-2025-57852" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-57852", "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-57852" } ], "release_date": "2025-09-30T14:25:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2025-09-29T17:16:20+00:00", "details": "For Red Hat OpenShift AI 2.19.0 see the following documentation, which will be updated shortly for this release, for important instructions on how to upgrade your cluster and fully apply this errata update:\n\nhttps://docs.redhat.com/en/documentation/red_hat_openshift_ai/", "product_ids": [ "Red Hat OpenShift AI 2.19:registry.redhat.io/rhoai/odh-modelmesh-rhel8@sha256:53ac36baa374159b9065c718a9ede821bbb61d9ebe9502b2243e0a9f7aca0d16_amd64" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHBA-2025:16984" } ], "scores": [ { "cvss_v3": { "attackComplexity": "HIGH", "attackVector": "LOCAL", "availabilityImpact": "LOW", "baseScore": 5.2, "baseSeverity": "MEDIUM", 
"confidentialityImpact": "LOW", "integrityImpact": "HIGH", "privilegesRequired": "HIGH", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:L/I:H/A:L", "version": "3.1" }, "products": [ "Red Hat OpenShift AI 2.19:registry.redhat.io/rhoai/odh-dashboard-rhel8@sha256:a03e4403f33af3ab32dd42d8bf8762aea079bd14d66f0543f525453acb048c80_ppc64le", "Red Hat OpenShift AI 2.19:registry.redhat.io/rhoai/odh-dashboard-rhel8@sha256:d316259cc9d5555c2137ba177375f64ca297ce7b3dde7ec66edb8567e110a0da_amd64", "Red Hat OpenShift AI 2.19:registry.redhat.io/rhoai/odh-dashboard-rhel8@sha256:e2b51a0d81397f7318c655b76f2952bd08e333ba56aa89053357b39514c23686_s390x", "Red Hat OpenShift AI 2.19:registry.redhat.io/rhoai/odh-modelmesh-rhel8@sha256:53ac36baa374159b9065c718a9ede821bbb61d9ebe9502b2243e0a9f7aca0d16_amd64", "Red Hat OpenShift AI 2.19:registry.redhat.io/rhoai/odh-operator-bundle@sha256:a6e02e1876fd5382ba4921dd65650b2d747666feb96c839f34e99d2972dfc323_amd64", "Red Hat OpenShift AI 2.19:registry.redhat.io/rhoai/odh-rhel8-operator@sha256:03e5cbae0925efac7fd0adfb14f4317c48a7efdbdd54c7804db92a2efb3b2bfc_amd64", "Red Hat OpenShift AI 2.19:registry.redhat.io/rhoai/odh-rhel8-operator@sha256:43a8904396e55074ffb1afcfcd8fe6db0edcbc918a8ff8301b6b0920aea7eabf_ppc64le", "Red Hat OpenShift AI 2.19:registry.redhat.io/rhoai/odh-rhel8-operator@sha256:74858d557494f60d4abaa5491b0db312a77bfb83709447b11396a0cf74bec623_s390x", "Red Hat OpenShift AI 2.19:registry.redhat.io/rhoai/odh-rhel8-operator@sha256:f9b4d952ca1ca80ecba82dec8f638f01a70de7404231e572ac2f51d5d31d5d28_arm64" ] } ], "threats": [ { "category": "impact", "details": "Low" } ], "title": "openshift-ai: privilege escalation via excessive /etc/passwd permissions" } ] }