OpenShift AI Flaw Allows Full Cluster Takeover (CVE-2025-10725)

A severe vulnerability in Red Hat OpenShift AI (CVE-2025-10725) allows low-privileged users to escalate their permissions to full cluster administrator. The flaw stems from an overly permissive ClusterRole assignment that grants any authenticated user the ability to create jobs across the entire cluster. An attacker with minimal access, such as a data scientist account, can abuse this permission to run malicious jobs with elevated rights. This could lead to a complete compromise of the cluster, including data theft and service disruption. Administrators are urged to mitigate the risk by immediately removing the insecure ClusterRoleBinding and adopting a least-privilege security model.

Latest mentioned: 10-01

Earliest mentioned: 10-01

Sources

securityonline.info gbhackers.com

Also Read

Detour Dog Uses DNS to Deliver Strela Stealer Malware

The cybercrime group Detour Dog has been quietly infecting over 30,000 websites since 2020 using a sophisticated, server-side attack. The group leverages DNS TXT records as a covert channel to send commands to compromised sites, making the malicious activity invisible to most visitors. This technique allows them to selectively redirect users to scams or, more recently, deliver the powerful Strela Stealer infostealer malware. By controlling the attack from the server, the compromised websites can remain infected for long periods without detection. The campaign's vast infrastructure generates millions of DNS queries, with traffic originating from numerous global locations.

10-02Read more →