Critical Vulnerability in Red Hat OpenShift AI Puts Hybrid Clouds at Risk

Red Hat OpenShift AI users! A pretty nasty security vulnerability has just been revealed. If exploited, it could let attackers grab significant privileges and potentially seize control of the entire infrastructure.

Just a quick refresher: OpenShift AI is Red Hat's platform designed to help manage the full lifecycle of those cool predictive and generative AI models. It's all about scaling these models across different cloud setups. Think data prep, model training, serving, monitoring – the whole shebang.

So, what's the deal with this vulnerability? It's being tracked as CVE-2025-10725, and it's packing a CVSS score of 9.9 out of 10. Red Hat is calling it "Important," though not "Critical." Why? Well, an attacker needs to be authenticated to even try and exploit it.

Here's the scary part. Red Hat says that a low-level attacker – say, a data scientist with a standard Jupyter notebook account – could potentially bump themselves up to a full-blown cluster administrator. Yikes!

That's not good. We're talking complete compromise: stealing sensitive data, disrupting services, and taking control of the underlying infrastructure. Basically, a total platform breach.

Which Versions Are Affected?

If you're running any of these versions, pay close attention:

• Red Hat OpenShift AI 2.19
• Red Hat OpenShift AI 2.21
• Red Hat OpenShift AI (RHOAI)

What Can You Do?

Red Hat's advice? Avoid handing out broad permissions to system-level groups. Specifically, they recommend rethinking "the ClusterRoleBinding that associates the kueue-batch-user-role with the system:authenticated group."

Their recommendation boils down to the principle of least privilege: grant permission to create jobs only on a "need-to-know" basis to specific users or groups.