CVEDB API

Vulnerabilities

By Date
Known Exploited
Advanced Search

Vulnerable Software

Vendors
Products

Vulnerability Details CVE-2025-12805

A flaw was found in Red Hat OpenShift AI (RHOAI) llama-stack-operator. This vulnerability allows unauthorized access to Llama Stack services deployed in other namespaces via direct network requests, because no NetworkPolicy restricts access to the llama-stack service endpoint. As a result, a user in one namespace can access another user’s Llama Stack instance and potentially view or manipulate sensitive data.

Exploit prediction scoring system (EPSS) score

EPSS Score 0.0

EPSS Ranking 2.8%

CVSS Severity

CVSS v3 Score 8.1

References

https://access.redhat.com/errata/RHSA-2026:2106
https://access.redhat.com/errata/RHSA-2026:2695
https://access.redhat.com/security/cve/CVE-2025-12805
https://bugzilla.redhat.com/show_bug.cgi?id=2413101

Products affected by CVE-2025-12805

Redhat » Openshift Ai » Version: 2.25

cpe:2.3:a:redhat:openshift_ai:2.25

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2025-12805

Products

Pricing

Contact Us