CVE-2025-10725
Published: 30 September 2025
Summary
CVE-2025-10725 is a critical-severity Incorrect Privilege Assignment (CWE-266) vulnerability. Its CVSS base score is 9.9 (Critical).
Operationally, exploitation aligns with the MITRE ATT&CK technique Exploitation for Privilege Escalation (T1068); ranked at the 39.2th percentile by exploit likelihood (below the median); it is not currently listed in the CISA KEV catalog.
This vulnerability is AI-related — categorised as Enterprise AI Assistants; in the Other ATLAS/OWASP Terms risk domain.
The strongest mitigations our analysis identified are NIST 800-53 AC-3 (Access Enforcement) and AC-6 (Least Privilege).
Deeper analysis
CVE-2025-10725 is a privilege escalation vulnerability in Red Hat OpenShift AI Service. The flaw allows a low-privileged attacker with an authenticated account to elevate privileges to full cluster administrator level. It is rated with a CVSS v3.1 base score of 9.9 (AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H) and is associated with CWE-266: Incorrect Privilege Assignment for Critical Resources.
A low-privileged attacker, such as a data scientist using a standard Jupyter notebook, can exploit this vulnerability over the network with low complexity and no user interaction required. Successful exploitation grants complete cluster administrator privileges, enabling full compromise of the cluster's confidentiality, integrity, and availability. This allows the attacker to steal sensitive data, disrupt all services, and take control of the underlying infrastructure, resulting in a total breach of the platform and all hosted applications.
Red Hat has issued multiple security errata addressing this vulnerability, including RHSA-2025:16981, RHSA-2025:16982, RHSA-2025:16983, RHSA-2025:16984, and RHSA-2025:17501. Security practitioners should consult these advisories for patch deployment and mitigation guidance to prevent exploitation.
This vulnerability affects OpenShift AI Service, which supports AI/ML workloads like Jupyter notebooks for data scientists, highlighting risks in shared AI platforms where low-privilege users require careful access controls. No public information on real-world exploitation is available as of the CVE publication on 2025-09-30.
EU & UK References
- 🇪🇺 ENISA EUVD: EUVD-2025-31761
Vulnerability details
A flaw was found in Red Hat Openshift AI Service. A low-privileged attacker with access to an authenticated account, for example as a data scientist using a standard Jupyter notebook, can escalate their privileges to a full cluster administrator. This…
more
allows for the complete compromise of the cluster's confidentiality, integrity, and availability. The attacker can steal sensitive data, disrupt all services, and take control of the underlying infrastructure, leading to a total breach of the platform and all applications hosted on it.
- CWE(s)
AI Security AnalysisAI
- AI Category
- Enterprise AI Assistants
- Risk Domain
- Other ATLAS/OWASP Terms
- OWASP Top 10 for LLMs 2025
- None mapped
- Classification Reason
- Matched keywords: ai
Related Threats
MITRE ATT&CK Enterprise TechniquesAI
Why these techniques?
The vulnerability enables a low-privileged authenticated user (e.g., data scientist with Jupyter access) to exploit a flaw in Red Hat OpenShift AI Service for privilege escalation to full cluster administrator, compromising the entire cluster.
CVEs Like This One
Affected Assets
Mitigating Controls
Mitigating Controls (NIST 800-53 r5) AI
Enforces least privilege to prevent low-privileged users like data scientists from escalating to full cluster administrator via the flawed privilege assignment.
Requires timely flaw remediation through patches like RHSA-2025:16981 to directly fix the privilege escalation vulnerability in OpenShift AI Service.
Mandates system enforcement of approved access authorizations, countering the incorrect privilege assignment that enables network-based escalation.