Cyber Resilience

CVE-2025-10725

Critical

Published: 30 September 2025

Modified: 15 April 2026
CVSS Score v3.1: 9.9 (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H)
EPSS Score: 0.0018 (39.2th percentile)
Risk Priority: 20 (60% EPSS · 20% KEV · 20% CVSS)

Summary

CVE-2025-10725 is a critical-severity Incorrect Privilege Assignment (CWE-266) vulnerability. Its CVSS base score is 9.9 (Critical).

Operationally, exploitation aligns with the MITRE ATT&CK technique Exploitation for Privilege Escalation (T1068). The CVE ranks at the 39.2th percentile by exploit likelihood (below the median) and is not currently listed in the CISA KEV catalog.

This vulnerability is AI-related: it is categorised as Enterprise AI Assistants, in the Other ATLAS/OWASP Terms risk domain.

The strongest mitigations our analysis identified are NIST 800-53 AC-3 (Access Enforcement) and AC-6 (Least Privilege).

Deeper analysis

CVE-2025-10725 is a privilege escalation vulnerability in Red Hat OpenShift AI Service. The flaw allows a low-privileged attacker with an authenticated account to elevate privileges to full cluster administrator level. It is rated with a CVSS v3.1 base score of 9.9 (AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H) and is associated with CWE-266: Incorrect Privilege Assignment.

A low-privileged attacker, such as a data scientist using a standard Jupyter notebook, can exploit this vulnerability over the network with low complexity and no user interaction required. Successful exploitation grants complete cluster administrator privileges, enabling full compromise of the cluster's confidentiality, integrity, and availability. This allows the attacker to steal sensitive data, disrupt all services, and take control of the underlying infrastructure, resulting in a total breach of the platform and all hosted applications.

Red Hat has issued multiple security errata addressing this vulnerability, including RHSA-2025:16981, RHSA-2025:16982, RHSA-2025:16983, RHSA-2025:16984, and RHSA-2025:17501. Security practitioners should consult these advisories for patch deployment and mitigation guidance to prevent exploitation.

This vulnerability affects OpenShift AI Service, which supports AI/ML workloads like Jupyter notebooks for data scientists, highlighting risks in shared AI platforms where low-privilege users require careful access controls. No public information on real-world exploitation is available as of the CVE publication on 2025-09-30.

Vulnerability details

A flaw was found in Red Hat OpenShift AI Service. A low-privileged attacker with access to an authenticated account, for example as a data scientist using a standard Jupyter notebook, can escalate their privileges to a full cluster administrator. This allows for the complete compromise of the cluster's confidentiality, integrity, and availability. The attacker can steal sensitive data, disrupt all services, and take control of the underlying infrastructure, leading to a total breach of the platform and all applications hosted on it.

AI Security Analysis

AI Category: Enterprise AI Assistants
Risk Domain: Other ATLAS/OWASP Terms
OWASP Top 10 for LLMs 2025: None mapped
Classification Reason: Matched keywords: ai

Related Threats

MITRE ATT&CK Enterprise Techniques

T1068 Exploitation for Privilege Escalation (tactic: Privilege Escalation)
Adversaries may exploit software vulnerabilities in an attempt to elevate privileges.
Why these techniques?

The vulnerability enables a low-privileged authenticated user (e.g., data scientist with Jupyter access) to exploit a flaw in Red Hat OpenShift AI Service for privilege escalation to full cluster administrator, compromising the entire cluster.

CVEs Like This One

CVE-2026-42368 (Shared CWE-266)
CVE-2025-69293 (Shared CWE-266)
CVE-2026-42680 (Shared CWE-266)
CVE-2025-69378 (Shared CWE-266)
CVE-2026-27102 (Shared CWE-266)
CVE-2025-22736 (Shared CWE-266)
CVE-2024-40591 (Shared CWE-266)
CVE-2026-48879 (Shared CWE-266)
CVE-2025-33179 (Shared CWE-266)
CVE-2026-25414 (Shared CWE-266)

Mitigating Controls

Mitigating Controls (NIST 800-53 r5)

prevent

Enforces least privilege to prevent low-privileged users like data scientists from escalating to full cluster administrator via the flawed privilege assignment.

prevent

Requires timely flaw remediation through patches like RHSA-2025:16981 to directly fix the privilege escalation vulnerability in OpenShift AI Service.

prevent

Mandates system enforcement of approved access authorizations, countering the incorrect privilege assignment that enables network-based escalation.
