Excessive Permissions in Red Hat OpenShift AI Service TrustyAI
CVE-2025-12103

5 MEDIUM

What is CVE-2025-12103?

A security flaw in the TrustyAI component of Red Hat OpenShift AI Service allows all service accounts and users within a cluster to gain unrestricted access to pod information across all namespaces. The vulnerability arises from the creation of a role, trustyai-service-operator-lmeval-user-role, and a ClusterRoleBinding, trustyai-service-operator-default-lmeval-user-rolebinding, that is inadvertently assigned to system:authenticated. Consequently, every user or service account can list pods in any namespace and can access all persistentvolumeclaims and lmevaljobs, creating potential security risks across the platform.
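A check for this class of binding, added here as an example (it is not Red Hat's or the TrustyAI project's code): it reads RBAC objects in the JSON shape of `oc get clusterroles,clusterrolebindings -o json` and reports every resource that a ClusterRoleBinding grants to a cluster-wide group. The role and binding names come from the advisory; the verbs, the `trustyai.opendatahub.io` API group and the `example-*` objects are constructed for the sample.

```python
import json

# Groups that match every (or every anonymous) identity in the cluster.
BROAD_GROUPS = {"system:authenticated", "system:unauthenticated"}

# Constructed sample, shaped like `oc get clusterroles,clusterrolebindings -o json`.
# Object names are from the advisory; verbs, apiGroups and the second binding are assumed.
SAMPLE = json.loads("""
{"items": [
 {"kind": "ClusterRole",
  "metadata": {"name": "trustyai-service-operator-lmeval-user-role"},
  "rules": [
   {"apiGroups": [""], "resources": ["pods"], "verbs": ["list"]},
   {"apiGroups": [""], "resources": ["persistentvolumeclaims"], "verbs": ["get", "list"]},
   {"apiGroups": ["trustyai.opendatahub.io"], "resources": ["lmevaljobs"], "verbs": ["get", "list"]}]},
 {"kind": "ClusterRoleBinding",
  "metadata": {"name": "trustyai-service-operator-default-lmeval-user-rolebinding"},
  "roleRef": {"kind": "ClusterRole", "name": "trustyai-service-operator-lmeval-user-role"},
  "subjects": [{"kind": "Group", "name": "system:authenticated"}]},
 {"kind": "ClusterRoleBinding",
  "metadata": {"name": "example-scoped-binding"},
  "roleRef": {"kind": "ClusterRole", "name": "trustyai-service-operator-lmeval-user-role"},
  "subjects": [{"kind": "ServiceAccount", "name": "example-sa", "namespace": "example-ns"}]}
]}
""")

def broad_grants(items):
    """Return (binding, group, resource, verbs) for each cluster-wide grant to a broad group."""
    roles = {i["metadata"]["name"]: i for i in items if i.get("kind") == "ClusterRole"}
    findings = []
    for binding in (i for i in items if i.get("kind") == "ClusterRoleBinding"):
        groups = [s["name"] for s in binding.get("subjects") or []
                  if s.get("kind") == "Group" and s.get("name") in BROAD_GROUPS]
        # A ClusterRoleBinding applies in every namespace, so each rule is cluster-wide.
        rules = roles.get(binding["roleRef"]["name"], {}).get("rules") or []
        for group in groups:
            for rule in rules:
                for resource in rule.get("resources", []):
                    findings.append((binding["metadata"]["name"], group,
                                     resource, tuple(rule.get("verbs", []))))
    return findings

if __name__ == "__main__":
    for name, group, resource, verbs in broad_grants(SAMPLE["items"]):
        print(f"{name}: {group} may {','.join(verbs)} {resource} in all namespaces")
```

Bindings whose subjects are specific service accounts or users are not reported, so the output is limited to grants that reach every authenticated identity.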

Affected Version(s)

Red Hat OpenShift AI 2.25 sha256:6503aa2b0c29d01b947b6fde383850d03dcb2b9f9d70cf417b9e90d5e99d1740

Red Hat OpenShift AI 3 sha256:2015d93a8f499c4b3706fb1b1323db2e455154cb20219ceef82b79894239a51b

CVSS V3.1

Score: 5
Severity: MEDIUM
Confidentiality: Low
Integrity: None
Availability: Low
Attack Vector: Network
Attack Complexity: Low
Privileges Required: Low
User Interaction: None
Scope: Changed

Timeline

  • Vulnerability published

  • Vulnerability Reserved