CVE-2025-12103

Summary

A flaw was found in Red Hat Openshift AI Service. The TrustyAI component is granting all service accounts and users on a cluster permissions to get, list, watch any pod in any namespace on the cluster.

TrustyAI is creating a role trustyai-service-operator-lmeval-user-role and a CRB trustyai-service-operator-default-lmeval-user-rolebinding which is being applied to system:authenticated making it so that every single user or service account can get a list of pods running in any namespace on the cluster

Additionally users can access all persistentvolumeclaims and lmevaljobs

Affected Software

VendorProductVersion RangeStatus
Red HatRed Hat OpenShift AI 2.25sha256:6503aa2b0c29d01b947b6fde383850d03dcb2b9f9d70cf417b9e90d5e99d1740 < *unaffected
Red HatRed Hat OpenShift AI 3sha256:2015d93a8f499c4b3706fb1b1323db2e455154cb20219ceef82b79894239a51b < *unaffected

Weaknesses

  • CWE-266: Incorrect Privilege Assignment

Workarounds

Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: partial

References