In the platform OpenShift ai Service , which allows organizing the work of the cluster to perform AI models, revealed vulnerability ( cve-2025-10725 ), which allows an unvaled user to get the rights of the cluster administrator. After a successful attack, the attacker gets the opportunity to control the cluster, full access to all services given and launched applications in the cluster, as well as a ROOT access to the cluster nodes.
to conduct an attack of any unhealthy access to the platform, for example, an attack can be carried out by an attack AI to the AI researcher, Using Jupyter Notebook. Problem assigned the critical level of hazard is 9.9 from 10. It turned out to be attached to the System: Authenticated group, which allowed any user of the service to create work (OpenShift Job) in any space. Among other things, any user could create work in the privileged space of the OpenShift-Apiserver-Operator names and configure its launch with the privileges of Serviceaccount. Serviceaccount, which the attacker could extract and use to compromise more privileged accounts. Ultimately, the attack could be brought to the receipt of the Root-access to the Master-Uzlam, after which the attacker got the opportunity to fully control all the contents of the cluster.