CVE-2025-12805
Published 2026-03-26
Priority P3 · 54 · high · 8.1 CVSS 3.1
AV:N / AC:L / PR:L / UI:N / S:U / C:H / I:H / A:N
EPSS: 0.38% (30.1th percentile)
A flaw was found in Red Hat OpenShift AI (RHOAI) llama-stack-operator. This vulnerability allows unauthorized access to Llama Stack services deployed in other namespaces via direct network requests, because no NetworkPolicy restricts access to the llama-stack service endpoint. As a result, a user in one namespace can access another user’s Llama Stack instance and potentially view or manipulate sensitive data.
Affected
1 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| redhat | openshift_ai | — | — |
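CVSS provenance
| Source | Version | Score | Severity | Vector |
|---|---|---|---|---|
| nvd | v3.1 | 8.1 | HIGH | CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N |
| vendor_redhat | | 8.1 | HIGH | |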
VulDB
Red Hat OpenShift AI Llama Stack Service improper isolation or compartmentalization (RHSA-2026:2106 / EUVD-2025-209086)
vuldb·2026-05-06·CVSS 8.1
CVE-2025-12805 [HIGH] Red Hat OpenShift AI Llama Stack Service improper isolation or compartmentalization (RHSA-2026:2106 / EUVD-2025-209086)
A vulnerability labeled as critical has been found in Red Hat OpenShift AI. This affects an unknown part of the component Llama Stack Service. Such manipulation leads to improper isolation or compartmentalization.
This vulnerability is uniquely identified as CVE-2025-12805. The attack can be launched remotely. No exploit exists.
GHSA
GHSA-cq3g-qvxc-ghr5: A flaw was found in Red Hat OpenShift AI (RHOAI) llama-stack-operator
ghsa_unreviewed·2026-03-27
CVE-2025-12805 [HIGH] CWE-653 GHSA-cq3g-qvxc-ghr5: A flaw was found in Red Hat OpenShift AI (RHOAI) llama-stack-operator
A flaw was found in Red Hat OpenShift AI (RHOAI) llama-stack-operator. This vulnerability allows unauthorized access to Llama Stack services deployed in other namespaces via direct network requests, because no NetworkPolicy restricts access to the llama-stack service endpoint. As a result, a user in one namespace can access another user’s Llama Stack instance and potentially view or manipulate sensitive data.
Red Hat
llama-stack-k8s-operator: Llama Stack service exposed across namespaces due to missing NetworkPolicy
vendor_redhat·2025-12-31·CVSS 8.1
CVE-2025-12805 [HIGH] CWE-653 llama-stack-k8s-operator: Llama Stack service exposed across namespaces due to missing NetworkPolicy
A flaw was found in Red Hat OpenShift AI (RHOAI) llama-stack-operator. This vulnerability allows unauthorized access to Llama Stack services deployed in other namespaces via direct network requests, because no NetworkPolicy restricts access to the llama-stack service endpoint. As a result, a user in one namespace can access another user’s Llama Stack instance and potentially view or manipulate sensitive data.
No detection rules found.
No public exploits indexed.
No writeups or analysis indexed.
Published: 2026-03-26