
Jon Weiser

#23,940 of 53,632
9.9 Total CVSS
Vulnerabilities · 1
PT-2025-40011
9.9
2025-09-29
Red Hat · Red Hat Openshift Ai Service · CVE-2025-10725
**Name of the Vulnerable Software and Affected Versions**
Red Hat OpenShift AI versions 2.19 through 2.21

**Description**
A critical flaw in Red Hat OpenShift AI Service allows a low-privileged authenticated user, such as a data scientist working in a Jupyter notebook, to escalate to full cluster administrator. Successful exploitation gives the attacker complete control of the cluster, including the ability to steal sensitive data, disrupt services, and compromise the underlying infrastructure. The root cause is an overly permissive ClusterRoleBinding that binds the ClusterRole `kueue-batch-user-role` to the `system:authenticated` group, so every authenticated account on the cluster receives that role's permissions rather than only the users who actually need them. The vulnerability has a CVSS score of 9.9 (critical). Reports suggest that Crimson Collective, a recently formed ransomware group, may have exploited undisclosed vulnerabilities in Red Hat products; it is not confirmed that this activity is related to CVE-2025-10725.

**Recommendations**
On OpenShift AI 2.19 through 2.21, enforce the principle of least privilege: do not bind roles to cluster-wide groups such as `system:authenticated` unless the role is meant for every user. Audit existing ClusterRoleBindings and remove or narrow any that grant `kueue-batch-user-role` to `system:authenticated`, binding the role instead to the specific users or groups that need it. Monitor for unexpected job-creation activity by ordinary users.
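The audit the recommendations call for can be scripted against the output of `oc get clusterrolebindings -o json`. The script below is an added example, not code from Red Hat or from this advisory: it flags any ClusterRoleBinding whose subjects include a cluster-wide group (`system:authenticated`, `system:unauthenticated`, `system:serviceaccounts`), skips the three bindings upstream Kubernetes creates for `system:authenticated` on purpose (`system:basic-user`, `system:discovery`, `system:public-info-viewer`, which only grant discovery and self-info reads), and shows how to rewrite an offending binding so it names a specific group. The binding list embedded in the script is constructed for the example; the binding name `kueue-batch-user-crb` and the group `data-science-team` are assumptions, not values taken from the advisory.

```python
"""Audit ClusterRoleBindings for roles handed to cluster-wide groups.

Pass the path of a file produced by `oc get clusterrolebindings -o json`;
with no argument the constructed sample below is used so the script runs offline.
"""
import json
import sys

# Groups that every principal (or every authenticated principal) belongs to.
BROAD_GROUPS = {"system:authenticated", "system:unauthenticated", "system:serviceaccounts"}

# Kubernetes bootstraps these bindings to system:authenticated by design; they grant
# only API discovery and self-info reads, so they are expected and not reported.
EXPECTED_BROAD_ROLES = {"system:basic-user", "system:discovery", "system:public-info-viewer"}

RBAC_GROUP = "rbac.authorization.k8s.io"

# Constructed sample shaped like `oc get clusterrolebindings -o json` (List of CRBs).
# The second item reproduces the CVE-2025-10725 pattern: kueue-batch-user-role bound to
# system:authenticated. Its binding name is an assumption for this example.
SAMPLE_CRB_LIST = {
    "apiVersion": "v1",
    "kind": "List",
    "items": [
        {  # default binding, expected on every cluster
            "metadata": {"name": "system:basic-user"},
            "roleRef": {"apiGroup": RBAC_GROUP, "kind": "ClusterRole", "name": "system:basic-user"},
            "subjects": [{"kind": "Group", "apiGroup": RBAC_GROUP, "name": "system:authenticated"}],
        },
        {  # the overly permissive binding described in the advisory
            "metadata": {"name": "kueue-batch-user-crb"},
            "roleRef": {"apiGroup": RBAC_GROUP, "kind": "ClusterRole", "name": "kueue-batch-user-role"},
            "subjects": [{"kind": "Group", "apiGroup": RBAC_GROUP, "name": "system:authenticated"}],
        },
        {  # RBAC allows a binding with no subjects at all; must not crash the audit
            "metadata": {"name": "orphaned-binding"},
            "roleRef": {"apiGroup": RBAC_GROUP, "kind": "ClusterRole", "name": "cluster-admin"},
        },
        {  # a powerful role bound to a named group: not a broad-group finding
            "metadata": {"name": "cluster-admins"},
            "roleRef": {"apiGroup": RBAC_GROUP, "kind": "ClusterRole", "name": "cluster-admin"},
            "subjects": [{"kind": "Group", "apiGroup": RBAC_GROUP, "name": "cluster-admins"}],
        },
    ],
}


def broad_groups_in(binding):
    """Sorted names of cluster-wide groups among the binding's subjects."""
    subjects = binding.get("subjects") or []
    return sorted(s["name"] for s in subjects
                  if s.get("kind") == "Group" and s.get("name") in BROAD_GROUPS)


def audit_bindings(crb_list):
    """Return (binding name, ClusterRole name, broad groups) for each risky binding."""
    findings = []
    for item in crb_list.get("items", []):
        role = item["roleRef"]["name"]
        if role in EXPECTED_BROAD_ROLES:
            continue
        groups = broad_groups_in(item)
        if groups:
            findings.append((item["metadata"]["name"], role, groups))
    return findings


def narrow_binding(binding, groups):
    """Copy of `binding` whose subjects are replaced by the named groups only."""
    fixed = json.loads(json.dumps(binding))  # deep copy; leave the input untouched
    fixed["subjects"] = [{"kind": "Group", "apiGroup": RBAC_GROUP, "name": g} for g in groups]
    return fixed


def main(path=None):
    """Print findings and return their count (non-zero means action needed)."""
    if path:
        with open(path) as fh:
            data = json.load(fh)
    else:
        data = SAMPLE_CRB_LIST
    findings = audit_bindings(data)
    for name, role, groups in findings:
        print(f"FINDING: ClusterRoleBinding {name} grants ClusterRole {role} to {', '.join(groups)}")
        print(f"  remove it with: oc delete clusterrolebinding {name}")
        print("  or re-bind the role to the specific group that needs it, e.g.:")
        print("  " + json.dumps(narrow_binding(
            next(i for i in data["items"] if i["metadata"]["name"] == name),
            ["data-science-team"])["subjects"]))
    return len(findings)


if __name__ == "__main__":
    sys.exit(1 if main(sys.argv[1] if len(sys.argv) > 1 else None) else 0)
```

Run it against a live dump with `oc get clusterrolebindings -o json > crb.json && python3 audit_crb.py crb.json`; a non-zero exit signals at least one finding. The allow-list is deliberately tiny: anything else bound to `system:authenticated` deserves a human decision, because that binding reaches every account that can log in, including the low-privileged notebook users the advisory describes.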