A flaw was found in Red Hat Openshift AI Service. A low-privileged attacker with access to an authenticated account, for example as a data scientist using a standard Jupyter notebook, can escalate their privileges to a full cluster administrator. This allows for the complete compromise of the cluster's confidentiality, integrity, and availability. The attacker can steal sensitive data, disrupt all services, and take control of the underlying infrastructure, leading to a total breach of the platform and all applications hosted on it.
An attacker with access to an authenticated account with low privileges (e.g., a standard platform user account) can exploit improper privilege management (CWE-266) in Red Hat OpenShift AI Service. Exploitation does not require interaction from other users or special configuration conditions — network access to the platform and an active account are sufficient. As a result, the attacker gains administrator rights for the entire OpenShift cluster.
The attacker achieves complete compromise of the cluster: can steal sensitive data, disrupt or disable all services, and take control of the underlying infrastructure. This results in complete violation of confidentiality, integrity, and availability of the platform and all applications running on it.
Apply patches available from the vendor according to published Red Hat errata: RHSA-2025:16981, RHSA-2025:16982, RHSA-2025:16983, RHSA-2025:16984 and RHSA-2025:17501 available at access.redhat.com
Red Hat OpenShift AI Service — versions indicated in vendor references (errata RHSA-2025:16981, RHSA-2025:16982, RHSA-2025:16983, RHSA-2025:16984, RHSA-2025:17501)
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H