CVE-2025-13888
CRITICALRed Hat OpenShift GitOps < 1.16.2 - Authenticated Privilege Escalation via ArgoCD Custom Resource Injection
Title source: llmDescription
A flaw was found in OpenShift GitOps. Namespace admins can create ArgoCD Custom Resources (CRs) that trick the system into granting them elevated permissions in other namespaces, including privileged namespaces. An authenticated attacker can then use these elevated permissions to create privileged workloads that run on master nodes, effectively giving them root access to the entire cluster.
References (9)
Core 9
Core References
Patch
https://github.com/redhat-developer/gitops-operator/commit/bc6ac3e03d7c8b3db5d8f1770c868396a4c2dcef
Issue Tracking
https://github.com/redhat-developer/gitops-operator/pull/897
Issue Tracking issue-tracking
x_refsource_redhat
https://bugzilla.redhat.com/show_bug.cgi?id=2418361
Vendor Advisory vendor-advisory
x_refsource_redhat
https://access.redhat.com/errata/RHSA-2025:23203
Vendor Advisory vendor-advisory
x_refsource_redhat
https://access.redhat.com/errata/RHSA-2025:23206
Vendor Advisory vendor-advisory
x_refsource_redhat
https://access.redhat.com/errata/RHSA-2025:23207
Vendor Advisory vendor-advisory
x_refsource_redhat
https://access.redhat.com/errata/RHSA-2026:1017
Vendor Advisory vdb-entry
x_refsource_redhat
https://access.redhat.com/security/cve/CVE-2025-13888
Scores
CVSS v3
9.1
EPSS
0.0063
EPSS Percentile
45.3%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H
CISA SSVC
Vulnrichment
Exploitation
none
Automatable
no
Technical Impact
total
Details
CWE
CWE-266
Status
published
Products (7)
Red Hat/Red Hat OpenShift GitOps
Red Hat/Red Hat OpenShift GitOps 1.16
sha256:c41c99f360a2515bce55c42e309e2c72500ba66d3a2c461412dee7de5ea9a9fa
Red Hat/Red Hat OpenShift GitOps 1.17
sha256:27e7a59bb5c5f60be7509e5f4f07f4181d62e6583a943c46f56f568bfc30c2c1
Red Hat/Red Hat OpenShift GitOps 1.18
sha256:3eb6308c58365182b4b5b5aabf35754d821e25b8a04b0595900fb47d52cd3ecc
Red Hat/Red Hat OpenShift GitOps 1.18
sha256:43ba408b8ed58259bf338fd29260d936fbde9846f772d0580b3e7486ef8ea300
redhat-developer/gitops-operator
< 1.16.2
redhat-developer/gitops-operator
0 - 1.16.2Go
Published
Dec 15, 2025
Tracked Since
Feb 18, 2026