Privilege Escalation Vulnerability in Observability Operator by Red Hat
CVE-2025-2843

8.8HIGH

Key Information:

Vendor: Red Hat
Status: Cluster Observability Operator 1.3.0
Vendor: CVE Published:; 12 November 2025

What is CVE-2025-2843?

A security flaw exists in Red Hat’s Observability Operator due to the creation of a ServiceAccount with a ClusterRole during the deployment of a Namespace-Scoped Custom Resource called MonitorStack. This vulnerability can be exploited by a malicious Kubernetes account that possesses only namespace-level roles, enabling it to instantiate a MonitorStack in an authorized namespace. By doing so, the attacker may impersonate the ServiceAccount established by the Operator, leading to a significant privilege escalation and posing substantial risks to the integrity of the Kubernetes cluster.

Affected Version(s)

Cluster Observability Operator 1.3.0 sha256:efff0f5b6835286172ae99dd368dcc48aca98398c382cb4c38d02533afee8670

References

https://access.redhat.com/errata/RHSA-2025:21146

vendor-advisoryx_refsource_REDHAT

https://access.redhat.com/security/cve/CVE-2025-2843

vdb-entryx_refsource_REDHAT

https://bugzilla.redhat.com/show_bug.cgi?id=2355222

issue-trackingx_refsource_REDHAT

CVSS V3.1

Score:

8.8

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Nov 12, 2025
Vulnerability Reserved
Mar 27, 2025

Credit

Red Hat would like to thank Andong Chen (Lab for Internet and Security Technology) and Zhaoxuan Isaac Jin (Lab for Internet and Security Technology) for reporting this issue.

JSON