
"A low-privileged attacker with access to an authenticated account, for example as a data scientist using a standard Jupyter notebook, can escalate their privileges to a full cluster administrator,"
"This allows for the complete compromise of the cluster's confidentiality, integrity, and availability. The attacker can steal sensitive data, disrupt all services, and take control of the underlying infrastructure, leading to a total breach of the platform and all applications hosted on it."
"The permission to create jobs should be granted on a more granular, as-needed basis to specific users or groups, adhering to the principle of least privilege,"
An OpenShift AI vulnerability tracked as CVE-2025-10725 carries a 9.9 CVSS score and allows privilege escalation from minimally authenticated accounts to full cluster administrator access. A low-privileged authenticated user, such as a data scientist using a Jupyter notebook, can gain administrative control and thereby compromise confidentiality, integrity, and availability across the cluster. Potential impacts include theft of sensitive data, disruption of services, and takeover of underlying infrastructure and hosted applications. Red Hat recommends removing the ClusterRoleBinding linking kueue-batch-user-role to system:authenticated and granting job-creation permissions only on a granular, as-needed basis. Broad system-level group permissions should be avoided.
Read at Theregister