CVE-2025-12805 - Vulnerability Analysis
High
CVSS: 8.1
Last Updated: March 26, 2026
Red Hat OpenShift AI llama-stack-operator - Broken Access Control
Overview
Red Hat OpenShift AI llama-stack-operator contains a broken access control vulnerability caused by the lack of NetworkPolicy restrictions on the llama-stack service endpoint. This lets unauthorized users access Llama Stack services in other namespaces. Exploitation requires network access to the service endpoint.
Impact
Unauthorized users can access and manipulate sensitive data across namespaces, leading to data exposure and potential data tampering.
Mitigation
Implement NetworkPolicy restrictions to limit access to the llama-stack service endpoint or update to the latest fixed version.
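A minimal sketch of the NetworkPolicy mitigation described above, added here as an example and not taken from Red Hat or the operator's fix. The policy name, the namespace `team-a` and the `app: llama-stack` pod label are placeholders; substitute the namespace and the labels actually present on your Llama Stack pods.

```yaml
# Added example: restrict ingress to the Llama Stack pods so that only
# pods in the same namespace can reach the service endpoint.
# All names and labels below are placeholders (assumptions).
apiVersion: networking.k8s.io/v1
kind: NetworkPolicy
metadata:
  name: llama-stack-same-namespace-only   # hypothetical policy name
  namespace: team-a                       # placeholder: namespace running Llama Stack
spec:
  # Select the pods backing the llama-stack service.
  podSelector:
    matchLabels:
      app: llama-stack                    # placeholder: use your pods' real labels
  policyTypes:
    - Ingress
  ingress:
    - from:
        # A podSelector without a namespaceSelector matches only pods in
        # this policy's own namespace, so traffic from other namespaces
        # is dropped once the policy selects the pods.
        - podSelector: {}
```

Once a policy selects the pods, any source not listed under `ingress` is denied, so clients that legitimately reach the service from another namespace need their own explicit `from` rule. The cluster's network plugin must enforce NetworkPolicy for this to have any effect.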
Social Media Activity (2 posts)
CVE-2025-12805 - High (8.1) A flaw was found in Red Hat OpenShift AI (RHOAI) llama-stack-operator. This vulnerability allows unauthorized access to Llama Stack services deployed in other namespaces via direct network requests, because no NetworkPolicy restricts access to the... https://www.thehackerwire.com/vulnerability/CVE-2025-12805/ #CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
Details
- CVE ID: CVE-2025-12805
- Severity: High
- CVSS Score: 8.1
- Type: broken_access_control
- Status: new
- EPSS: 0.0%
- Social Posts: 2
CWE
- CWE-653
CVSS Metrics
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N