What is CVE-2025-12805?

A high-severity vulnerability in Red Hat OpenShift AI exposes Llama Stack services to unauthorized access across namespaces. Immediate action is required to prevent data breaches.

What is the severity of CVE-2025-12805?

CVE-2025-12805 has a severity rating of HIGH with a CVSS base score of 8.1.

CVE-2025-12805 | High Vulnerability in Red Hat OpenShift AI

CVE-2025-12805 is a high-severity vulnerability affecting Red Hat OpenShift AI (RHOAI) llama-stack-operator. This vulnerability allows unauthorized access to Llama Stack services deployed in other namespaces via direct network requests. The lack of a NetworkPolicy to restrict access to the llama-stack service endpoint means that a user in one namespace can access another user’s Llama Stack instance, potentially leading to the viewing or manipulation of sensitive data.

This vulnerability has a CVSS score of 8.1, categorizing it as high severity. Organizations utilizing Red Hat OpenShift AI should recognize the critical nature of this flaw, as it poses a significant risk to data confidentiality and integrity. Immediate patching is essential to mitigate the threat.

As of now, there are no known exploits associated with this vulnerability, but organizations should not be complacent. The potential for exploitation exists, and attackers may leverage this flaw to gain unauthorized access to sensitive information.

Organizations should prioritize patching immediately to safeguard their systems against this vulnerability and prevent unauthorized access to sensitive data.

Vulnerability Details

The flaw in Red Hat OpenShift AI allows unauthorized access due to the absence of a NetworkPolicy that would restrict access to the llama-stack service endpoint. Users in one namespace can view or manipulate instances in other namespaces, leading to potential data breaches. This vulnerability falls under CWE-653.

This vulnerability was published on March 26, 2026, and is classified as analyzed with a high exploitability score. The specific affected version is Red Hat OpenShift AI 2.25.

Technical Analysis

The root cause of this vulnerability lies in the lack of proper network policies that would otherwise restrict access to sensitive services within the OpenShift environment. The attack vector is network-based, with low attack complexity, requiring only low privileges to exploit.

There is no requirement for user interaction, which increases the risk as an attacker can exploit this vulnerability without user consent. The impacts on confidentiality and integrity are high, while availability remains unaffected.

Risk & Impact Analysis

Risk to organizations includes unauthorized access to sensitive data across namespaces. This could lead to significant data breaches and compliance issues, especially for organizations handling critical or sensitive information.

The urgency for organizations to address this vulnerability is high, reflected in its CVSS score of 8.1 and the potential for exploitation. Organizations should ensure they are applying necessary patches and updates to mitigate the risk.

Exploitation Status

Signal	Status
Known Exploit	No
Public PoC	No
Actively Exploited	No
Ransomware Use	No

Affected Versions

The affected product is Red Hat OpenShift AI version 2.25. Organizations using this version should apply the necessary patches.

Mitigation & Remediation

To remediate this vulnerability, organizations should implement the following actions:

1. Update to the latest version of Red Hat OpenShift AI to ensure all security patches are applied.

2. Review and implement NetworkPolicies to restrict access to sensitive services.

3. Monitor for unauthorized access attempts and anomalies in network traffic.

Organizations should consider regular penetration testing to identify and address similar vulnerabilities proactively.

Detection Guidance

To detect potential exploitation of this vulnerability, organizations should implement the following detection strategies:

1. Monitor network traffic for unauthorized access attempts to Llama Stack services.

2. Implement logging for all access to namespace resources and review logs regularly.

3. Analyze behavior for anomalies that may indicate unauthorized access.

AppSecure Threat Intelligence Insight

The long-term significance of CVE-2025-12805 lies in its representation of systemic flaws in network security configurations within cloud environments.

Organizations must learn from this incident to fortify their defenses against similar vulnerabilities. Regular audits of network policies and security configurations can help mitigate such risks.

Implementing a robust penetration testing methodology is crucial for identifying and addressing vulnerabilities before they can be exploited.

A well-designed vulnerability management program can provide organizations with the framework necessary to continuously monitor and remediate vulnerabilities.

Moreover, organizations should consider the implications of API security testing as part of their overall security strategy.

Disclaimer: This content was generated using AI. While we strive for accuracy, please verify critical information with official sources.

CVE ID	Title	Severity	Vulnerability Type	Published
CVE-2025-65418	CVE-2025-65418: High Vulnerability in docuFORM Managed Print Service Client	HIGH	Path Traversal	May 11, 2026
CVE-2025-65417	CVE-2025-65417: Medium Vulnerability in docuFORM Managed Print Service Client	MEDIUM	XSS	May 11, 2026
CVE-2025-65416	CVE-2025-65416: Medium Vulnerability in docuFORM Managed Print Service Client	MEDIUM	Unrestricted File Upload	May 11, 2026
CVE-2025-65415	CVE-2025-65415: Medium Vulnerability in docuFORM Managed Print Service Client	MEDIUM	Session Fixation	May 11, 2026
CVE-2025-61314	CVE-2025-61314: High Vulnerability in GmbH Mecury Managed Print Services	HIGH	XSS	May 11, 2026

CVE-2025-12805: High Vulnerability in Red Hat OpenShift AI