CVE-2025-2843

Name of the Vulnerable Software and Affected Versions Observability Operator (affected versions not specified)

Description The Observability Operator creates a ServiceAccount with ClusterRole permissions when deploying a Namespace-Scoped Custom Resource called MonitorStack. This allows a Kubernetes Account with only namespaced-level roles to create a MonitorStack in an authorized namespace and then elevate permissions to the cluster level by impersonating the ServiceAccount created by the Operator. This can lead to privilege escalation and other related issues.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.