Privilege Escalation in Red Hat OpenShift AI Service
CVE-2025-10725 is a privilege escalation vulnerability in Red Hat OpenShift AI Service caused by incorrect privilege assignment in the platform's RBAC configuration. The ClusterRole "kueue-batch-user-role" is bound to the "system:authenticated" group, which grants any authenticated identity, including low-privileged user workbench or notebook service accounts, permission to create OpenShift Jobs in any namespace. A low-privileged authenticated user, such as a data scientist using a standard Jupyter notebook, can exploit this by creating a malicious job in a privileged namespace so that it runs under a higher-privilege ServiceAccount, exfiltrating that token, and pivoting to cluster-admin level access. The described attack path can ultimately lead to root access on cluster master nodes and full cluster takeover.
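As an added example (not Red Hat's tooling and not code from this page), the following Python audit flags any ClusterRoleBinding that grants kueue-batch-user-role to the all-users groups system:authenticated or system:unauthenticated, working over the JSON that `oc get clusterrolebindings -o json` emits; the binding names in the embedded sample are constructed, and the function name is my own.

```python
import json
import sys
from typing import Dict, List

# The ClusterRole named in the advisory, and the groups that make a binding to it overly broad.
OVERBROAD_ROLE = "kueue-batch-user-role"
ALL_USERS_GROUPS = {"system:authenticated", "system:unauthenticated"}


def find_overbroad_bindings(crb_list: Dict, role: str = OVERBROAD_ROLE) -> List[str]:
    """Return the names of ClusterRoleBindings that hand `role` to every user.

    `crb_list` is a parsed ClusterRoleBindingList. A binding is flagged when its
    roleRef targets the ClusterRole `role` and at least one subject is a Group
    listed in ALL_USERS_GROUPS. Bindings scoped to specific users, groups or
    service accounts are left alone.
    """
    flagged: List[str] = []
    for crb in crb_list.get("items", []):
        ref = crb.get("roleRef", {})
        if ref.get("kind") != "ClusterRole" or ref.get("name") != role:
            continue
        for subject in crb.get("subjects") or []:  # subjects may be absent or null
            if subject.get("kind") == "Group" and subject.get("name") in ALL_USERS_GROUPS:
                flagged.append(crb["metadata"]["name"])
                break
    return flagged


# Constructed sample: one binding in the vulnerable shape, one correctly scoped
# binding of the same role, and one unrelated role bound to all users.
SAMPLE_CRB_LIST = {
    "kind": "ClusterRoleBindingList",
    "items": [
        {"metadata": {"name": "sample-kueue-all-authenticated"},
         "roleRef": {"kind": "ClusterRole", "name": "kueue-batch-user-role"},
         "subjects": [{"kind": "Group", "name": "system:authenticated"}]},
        {"metadata": {"name": "sample-kueue-data-scientists"},
         "roleRef": {"kind": "ClusterRole", "name": "kueue-batch-user-role"},
         "subjects": [{"kind": "Group", "name": "data-scientists"}]},
        {"metadata": {"name": "sample-view-all-authenticated"},
         "roleRef": {"kind": "ClusterRole", "name": "view"},
         "subjects": [{"kind": "Group", "name": "system:authenticated"}]},
    ],
}

if __name__ == "__main__":
    # Read live cluster output from stdin when piped; otherwise audit the sample.
    data = SAMPLE_CRB_LIST if sys.stdin.isatty() else json.load(sys.stdin)
    for name in find_overbroad_bindings(data):
        print(f"REVIEW: ClusterRoleBinding {name} grants {OVERBROAD_ROLE} to all users")
```

Against a live cluster, pipe the binding list in: `oc get clusterrolebindings -o json | python3 audit_kueue_binding.py`; any name it prints is a binding to remove or narrow to the intended groups.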
Exploits
No public exploit code has been observed for this vulnerability.
Recent activity
36 sources tracked across advisories, community write-ups, and news.
A source describing a critical vulnerability in Red Hat OpenShift AI without further technical details.
A high-severity privilege escalation / cluster takeover vulnerability in Red Hat OpenShift AI caused by an overly broad ClusterRoleBinding (kueue-batch-user-role bound to system:authenticated), allowing low-privileged authenticated users/service accounts to create jobs in any namespace and pivot to cluster-admin/root on master nodes.
A critical privilege escalation vulnerability in Red Hat OpenShift AI Service caused by incorrect privilege assignment in RBAC, allowing a low-privileged authenticated user to escalate to cluster-admin via the Jupyter notebook environment.
A source that mentions the CVE as an OpenShift AI flaw while discussing an unrelated breach; it gives no technical details beyond the identifier.