CVE-2025-12805
Received Received - Intake
Unauthorized Access in Red Hat OpenShift AI llama-stack-operator

Publication date: 2026-03-26

Last updated on: 2026-04-30

Assigner: Red Hat, Inc.

Description
A flaw was found in Red Hat OpenShift AI (RHOAI) llama-stack-operator. This vulnerability allows unauthorized access to Llama Stack services deployed in other namespaces via direct network requests, because no NetworkPolicy restricts access to the llama-stack service endpoint. As a result, a user in one namespace can access another user’s Llama Stack instance and potentially view or manipulate sensitive data.
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2026-03-26
Last Modified
2026-04-30
Generated
2026-06-16
AI Q&A
2026-03-27
EPSS Evaluated
2026-06-15
NVD
CVE-2025-12805
EUVD
EUVD-2025-209086
Affected Vendors & Products
Showing 1 associated CPE
Vendor Product Version / Range
redhat openshift_ai 2.25
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-653 The product does not properly compartmentalize or isolate functionality, processes, or resources that require different privilege levels, rights, or permissions.
Attack-Flow Graph
AI Quick Actions
Instant insights powered by AI
Executive Summary

This vulnerability exists in the Red Hat OpenShift AI (RHOAI) llama-stack-operator. It allows unauthorized users to access Llama Stack services that are deployed in other namespaces by making direct network requests. The root cause is the absence of a NetworkPolicy that restricts access to the llama-stack service endpoint. Consequently, a user operating in one namespace can reach another user's Llama Stack instance.

This unauthorized access can lead to viewing or manipulating sensitive data belonging to other users.

Impact Analysis

The vulnerability can have serious impacts including unauthorized access to sensitive data and potential manipulation of that data by users from different namespaces. This compromises data confidentiality and integrity within the affected Red Hat OpenShift AI environment.

Compliance Impact

This vulnerability allows unauthorized access to Llama Stack services across namespaces, potentially exposing or allowing manipulation of sensitive data belonging to other users.

Such unauthorized access and potential data exposure could lead to non-compliance with data protection regulations and standards like GDPR and HIPAA, which require strict controls on access to sensitive data.

Chat Assistant
Ask questions about this CVE
Hi! I’m here to help you understand CVE-2025-12805. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70
EPSS Chart