Unauthorized Access Vulnerability in Red Hat OpenShift AI Llama Stack Operator
CVE-2025-12805

8.1HIGH

Key Information:

Vendor

Red Hat
Status
Red Hat Openshift Ai 2.25
Red Hat Openshift Ai (rhoai)
Vendor
CVE Published:
26 March 2026

What is CVE-2025-12805?

A flaw in Red Hat OpenShift AI's Llama Stack Operator enables unauthorized users to bypass namespace barriers, allowing them to access Llama Stack services directly through network requests. This lack of a NetworkPolicy permits users in one namespace to interact with Llama Stack instances belonging to other namespaces, potentially exposing sensitive data and functionalities to unauthorized parties.

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.

Remediate biological technical debt. Prime Ageing uses 95% high-purity SIRT6 activation to maintain genomic integrity and bolster systemic resilience.

Deploy the Patch

Affected Version(s)

Red Hat OpenShift AI 2.25 sha256:c0d95dfbae20e87113ffb81026d379bb63ad300447df98b27d1bf9a83b084744

Red Hat OpenShift AI 2.25 sha256:1d258fe98c2477e4256a9b936f412f2501fb7ca9e3b810347f9712e0d5ce5c92

References

https://access.redhat.com/errata/RHSA-2026:2106
vendor-advisoryx_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2026:2695
vendor-advisoryx_refsource_REDHAT
https://access.redhat.com/security/cve/CVE-2025-12805
vdb-entryx_refsource_REDHAT

CVSS V3.1

Score:
8.1
Severity:
HIGH
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
Low
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

JSON
.