CVE-2025-12103

MEDIUM

Red Hat Openshift AI Service - Privilege Escalation

Title source: llm

Description

A flaw was found in Red Hat Openshift AI Service. The TrustyAI component is granting all service accounts and users on a cluster permissions to get, list, watch any pod in any namespace on the cluster. TrustyAI is creating a role `trustyai-service-operator-lmeval-user-role` and a CRB `trustyai-service-operator-default-lmeval-user-rolebinding` which is being applied to `system:authenticated` making it so that every single user or service account can get a list of pods running in any namespace on the cluster Additionally users can access all `persistentvolumeclaims` and `lmevaljobs`

References (4)

[Vendor Advisory] https://access.redhat.com/errata/RHSA-2026:10184

[Vendor Advisory] https://access.redhat.com/errata/RHSA-2025:21117

[Vendor Advisory] https://access.redhat.com/security/cve/CVE-2025-12103

[Issue Tracking] https://bugzilla.redhat.com/show_bug.cgi?id=2405966

Scores

CVSS v3 5.0

EPSS 0.0003

EPSS Percentile 9.7%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:N/A:N

CISA SSVC

Vulnrichment

Exploitation none

Automatable no

Technical Impact partial

Details

CWE

CWE-266

Status published

Products (4)

Red Hat/Red Hat OpenShift AI (RHOAI)

Red Hat/Red Hat OpenShift AI 2.25 sha256:6503aa2b0c29d01b947b6fde383850d03dcb2b9f9d70cf417b9e90d5e99d1740

Red Hat/Red Hat OpenShift AI 3 sha256:2015d93a8f499c4b3706fb1b1323db2e455154cb20219ceef82b79894239a51b

Red Hat/Red Hat OpenShift AI 3.0 sha256:43322a7cecd6fe3309faa160bf92d88518c23b98c6467e5e868a9dbdd3f16b36

Published Oct 28, 2025

Tracked Since Feb 18, 2026