CVE-2025-12103
BaseFortify
Publication date: 2025-10-28
Last updated on: 2026-04-23
Assigner: Red Hat, Inc.
Description
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| redhat | trustyai | * |
| redhat | openshift_ai | * |
Exploitability
| CWE ID | Description |
|---|---|
| CWE-266 | A product incorrectly assigns a privilege to a particular actor, creating an unintended sphere of control for that actor. |
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability is a flaw in the TrustyAI component of Red Hat OpenShift AI Service: it grants all service accounts and users on a cluster permission to get, list, and watch any pod in any namespace on the cluster. Specifically, a role and a cluster role binding are created and applied to all authenticated users, allowing them to access pods, persistent volume claims, and lmevaljobs across the cluster.
How can this vulnerability impact me?
This vulnerability can impact you by allowing any user or service account on the cluster to view pods, persistent volume claims, and lmevaljobs in any namespace. This could lead to unauthorized information disclosure about workloads and storage resources running in the cluster, potentially exposing sensitive operational details or configurations.
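One way to audit a cluster for the kind of grant described above, as an added example (not code from this page, Red Hat, or TrustyAI): it takes the parsed JSON of `kubectl get clusterrolebindings -o json` and `kubectl get clusterroles -o json` and reports bindings to the built-in `system:authenticated` group that give read verbs on pods, persistent volume claims, or lmevaljobs. The object names in the sample data are constructed, and treating the bound role as a ClusterRole is an assumption.

```python
# Resources and verbs named in the advisory text.
WATCHED_RESOURCES = {"pods", "persistentvolumeclaims", "lmevaljobs"}
READ_VERBS = {"get", "list", "watch"}
# Built-in Kubernetes group holding every authenticated user and service account.
BROAD_GROUPS = {"system:authenticated"}


def broad_read_grants(bindings, roles):
    """Return (binding, role, resource, verbs) for read grants bound to everyone."""
    rules_by_role = {r["metadata"]["name"]: r.get("rules") or [] for r in roles["items"]}
    findings = []
    for b in bindings["items"]:
        subjects = b.get("subjects") or []
        if not any(s.get("kind") == "Group" and s.get("name") in BROAD_GROUPS
                   for s in subjects):
            continue  # binding is scoped to specific users or service accounts
        ref = b["roleRef"]
        if ref.get("kind") != "ClusterRole":
            continue
        for rule in rules_by_role.get(ref["name"], []):
            resources = set(rule.get("resources") or [])
            verbs = set(rule.get("verbs") or [])
            # A "*" wildcard covers every watched resource or verb.
            hit_res = WATCHED_RESOURCES if "*" in resources else resources & WATCHED_RESOURCES
            hit_verbs = READ_VERBS if "*" in verbs else verbs & READ_VERBS
            if hit_verbs:
                for res in sorted(hit_res):
                    findings.append((b["metadata"]["name"], ref["name"], res, sorted(hit_verbs)))
    return findings


# Constructed sample data; all names are hypothetical.
SAMPLE_ROLES = {"items": [
    {"metadata": {"name": "example-lmeval-user"},
     "rules": [{"resources": ["pods", "persistentvolumeclaims", "lmevaljobs"],
                "verbs": ["get", "list", "watch"]}]},
    {"metadata": {"name": "example-discovery"},
     "rules": [{"nonResourceURLs": ["/version"], "verbs": ["get"]}]},
]}
SAMPLE_BINDINGS = {"items": [
    {"metadata": {"name": "example-lmeval-user-binding"},
     "roleRef": {"kind": "ClusterRole", "name": "example-lmeval-user"},
     "subjects": [{"kind": "Group", "name": "system:authenticated"}]},
    {"metadata": {"name": "example-scoped-binding"},
     "roleRef": {"kind": "ClusterRole", "name": "example-lmeval-user"},
     "subjects": [{"kind": "ServiceAccount", "name": "evaluator", "namespace": "team-a"}]},
]}

if __name__ == "__main__":
    for finding in broad_read_grants(SAMPLE_BINDINGS, SAMPLE_ROLES):
        print(finding)
```

Only the binding whose subject is the `system:authenticated` group is reported; the same role bound to a single service account is left alone.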