October 1, 2025 // Vulnerability | #CVE-2025-10725 #OpenShift AI #Privilege Escalation

Red Hat OpenShift AI Flaw Exposes Hybrid Cloud Infrastructure to Full Takeover - The Hacker News

A critical vulnerability, CVE-2025-10725 (CVSS 9.9), allows authenticated, low-privileged attackers to escalate their privileges to full cluster administrator in Red Hat OpenShift AI. The flaw stems from an overly permissive ClusterRole, which enables abuse of OpenShift Jobs to exfiltrate high-privilege ServiceAccount tokens, leading to a complete takeover of the hybrid cloud infrastructure.

