{"resultsPerPage":1,"startIndex":0,"totalResults":1,"format":"NVD_CVE","version":"2.0","timestamp":"2026-04-21T01:18:10.572","vulnerabilities":[{"cve":{"id":"CVE-2025-10725","sourceIdentifier":"secalert@redhat.com","published":"2025-09-30T18:15:47.900","lastModified":"2026-04-15T00:35:42.020","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"A flaw was found in Red Hat Openshift AI Service. A low-privileged attacker with access to an authenticated account, for example as a data scientist using a standard Jupyter notebook, can escalate their privileges to a full cluster administrator. This allows for the complete compromise of the cluster's confidentiality, integrity, and availability. The attacker can steal sensitive data, disrupt all services, and take control of the underlying infrastructure, leading to a total breach of the platform and all applications hosted on it."},{"lang":"es","value":"Se encontró una falla en el Servicio de IA de Red Hat Openshift. Un atacante de bajo privilegio con acceso a una cuenta autenticada, por ejemplo como científico de datos usando un cuaderno Jupyter estándar, puede escalar sus privilegios a un administrador de clúster completo. Esto permite el compromiso completo de la confidencialidad, integridad y disponibilidad del clúster. El atacante puede robar datos sensibles, interrumpir todos los servicios y tomar control de la infraestructura subyacente, lo que lleva a una brecha total de la plataforma y todas las aplicaciones alojadas en ella."}],"metrics":{"cvssMetricV31":[{"source":"secalert@redhat.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H","baseScore":9.9,"baseSeverity":"CRITICAL","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"CHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":3.1,"impactScore":6.0}]},"weaknesses":[{"source":"secalert@redhat.com","type":"Secondary","description":[{"lang":"en","value":"CWE-266"}]}],"references":[{"url":"https://access.redhat.com/errata/RHSA-2025:16981","source":"secalert@redhat.com"},{"url":"https://access.redhat.com/errata/RHSA-2025:16982","source":"secalert@redhat.com"},{"url":"https://access.redhat.com/errata/RHSA-2025:16983","source":"secalert@redhat.com"},{"url":"https://access.redhat.com/errata/RHSA-2025:16984","source":"secalert@redhat.com"},{"url":"https://access.redhat.com/errata/RHSA-2025:17501","source":"secalert@redhat.com"},{"url":"https://access.redhat.com/security/cve/CVE-2025-10725","source":"secalert@redhat.com"},{"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2396641","source":"secalert@redhat.com"},{"url":"https://github.com/opendatahub-io/opendatahub-operator/commit/070057ebd0882be0e397bee1daa18c36374a03c0","source":"secalert@redhat.com"},{"url":"https://github.com/opendatahub-io/opendatahub-operator/pull/2571","source":"secalert@redhat.com"}]}}]}