Privilege Escalation Vulnerability in OpenShift GitOps by Red Hat
CVE-2025-13888
9.1 CRITICAL
Key Information:
- Vendor: Red Hat
- CVE Published: 15 December 2025
What is CVE-2025-13888?
A security flaw in OpenShift GitOps allows namespace administrators to create ArgoCD Custom Resources (CRs) that lead to unauthorized privilege escalation across different namespaces. An authenticated attacker can use this to gain access to privileged workloads running on master nodes, potentially obtaining root-level access to the entire cluster. Patching and supporting security measures are needed to mitigate this vulnerability.
Affected Version(s)
Red Hat OpenShift GitOps 1.18 sha256:1e382dc8429f5224c1e353f08d99af1be092d960b0d9f98db495aeee314ff510