Donate Telegram

CVE-2025-12805

HIGH CVSS 3.1: 8.1 EPSS 0.01%

Mar 26, 2026

Updated Mar 30, 2026

Red Hat

Parameter	Value
CVSS	8.1 (HIGH)
Type	CWE-653
Vendor	Red Hat
Public PoC	No

A flaw was found in Red Hat OpenShift AI (RHOAI) llama-stack-operator. This vulnerability allows unauthorized access to Llama Stack services deployed in other namespaces via direct network requests, because no NetworkPolicy restricts access to the llama-stack service endpoint. As a result, a user in one namespace can access another user’s Llama Stack instance and potentially view or manipulate sensitive data.

Attack Parameters

Attack Vector

Network

Can be exploited remotely

Attack Complexity

Low

Easy to exploit

Privileges Required

Low

Basic privileges needed

User Interaction

None

No user interaction needed

Impact Assessment

Confidentiality

High

Complete data leak

Integrity

High

Complete data modification

Availability

None

No disruption

CVSS Vector v3.1

Weakness Type (CWE)

References 4

https://access.redhat.com/errata/RHSA-2026:2106

secalert@redhat.com

https://access.redhat.com/errata/RHSA-2026:2695

secalert@redhat.com

https://access.redhat.com/security/cve/CVE-2025-12805

secalert@redhat.com

https://bugzilla.redhat.com/show_bug.cgi?id=2413101

secalert@redhat.com

Share Post Share Share Share

Related Vulnerabilities

CVE-2026-2625

Red Hat

CVE-2026-4324

Red Hat

CVE-2026-0980

Red Hat

CVE-2025-9909

Red Hat

CVE-2025-9908

Red Hat

CVE Details

CVE ID

CVE-2025-12805

Published Date

Mar 26, 2026

Vendor

Red Hat

Severity

HIGH

CVSS v3.1 Score

8.1

High severity. Prioritize patching.

Attack Analysis

Exploitability 2.8/10

How easy to exploit

Impact 5.2/10

Severity of consequences

Exploit Prediction (EPSS)

Probability of Exploit 0.01%

Likelihood of exploitation in next 30 days

Percentile: 1.9th percentile (higher than 1.9% of all CVEs)

Standard patching cycle

Impact

Full data disclosure

Complete data modification

Source

Editor's Choice