CVE-2025-12805 · HIGH 8.1 · EPSS p30.0%

Description

A flaw was found in Red Hat OpenShift AI (RHOAI) llama-stack-operator. This vulnerability allows unauthorized access to Llama Stack services deployed in other namespaces via direct network requests, because no NetworkPolicy restricts access to the llama-stack service endpoint. As a result, a user in one namespace can access another user’s Llama Stack instance and potentially view or manipulate sensitive data.

Scoring

CVSS 3.1: 8.1 (HIGH)
Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N
EPSS: 0.38% probability of exploitation · percentile 30.0% · 2026-06-18T12:00:27Z
Published: 2026-03-26
Last modified: 2026-04-30

Underlying weaknesses · 1

CWE-653

References

  1. https://access.redhat.com/errata/RHSA-2026:2106
  2. https://access.redhat.com/errata/RHSA-2026:2695
  3. https://access.redhat.com/security/cve/CVE-2025-12805
  4. https://bugzilla.redhat.com/show_bug.cgi?id=2413101

Type | Target | Confidence | Tier
Weakness | Improper Isolation or Compartmentalization (cwe-653) | 0% | live

Related by meaning · 6

Nearest entities by semantic similarity across the cs-graph corpus.

  1. CVE-2025-10725
  2. CVE-2025-63389
  3. CVE-2026-5483
  4. CVE-2025-53767
  5. CVE-2025-11393
  6. CVE-2025-13888

Sourced from NVD + FIRST.org EPSS. Curated for EU compliance use cases by Adam Lundqvist, Founder at SQUR.