CVE-2025-12805— Llama-stack-k8s-operator: llama stack service exposed across namespaces due to missing networkpolicy
Get alerts for future matching vulnerabilitiesLog in to subscribe
I. Basic Information for CVE-2025-12805
Vulnerability Information
Have questions about the vulnerability? See if Shenlong's analysis helps!
View Shenlong Deep Dive ↗ Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
Llama-stack-k8s-operator: llama stack service exposed across namespaces due to missing networkpolicy
Source: NVD (National Vulnerability Database)
Vulnerability Description
A flaw was found in Red Hat OpenShift AI (RHOAI) llama-stack-operator. This vulnerability allows unauthorized access to Llama Stack services deployed in other namespaces via direct network requests, because no NetworkPolicy restricts access to the llama-stack service endpoint. As a result, a user in one namespace can access another user’s Llama Stack instance and potentially view or manipulate sensitive data.
Source: NVD (National Vulnerability Database)
CVSS Information
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N
Source: NVD (National Vulnerability Database)
Vulnerability Type
不充分的划分
Source: NVD (National Vulnerability Database)
Vulnerability Title
Llama Stack 安全漏洞
Source: CNNVD (China National Vulnerability Database)
Vulnerability Description
Llama Stack是Meta Llama开源的一个简化人工智能应用开发的核心构建模块。 Llama Stack存在安全漏洞,该漏洞源于缺少网络策略限制对llama-stack服务端点的访问,可能导致未经授权访问部署在其他命名空间中的Llama Stack服务。
Source: CNNVD (China National Vulnerability Database)
CVSS Information
N/A
Source: CNNVD (China National Vulnerability Database)
Vulnerability Type
N/A
Source: CNNVD (China National Vulnerability Database)
Affected Products
| Vendor | Product | Affected Versions | CPE | Subscribe |
|---|---|---|---|---|
| Red Hat | Red Hat OpenShift AI 2.25 | sha256:c0d95dfbae20e87113ffb81026d379bb63ad300447df98b27d1bf9a83b084744 ~ * | cpe:/a:redhat:openshift_ai:2.25::el9 | |
| Red Hat | Red Hat OpenShift AI 2.25 | sha256:1d258fe98c2477e4256a9b936f412f2501fb7ca9e3b810347f9712e0d5ce5c92 ~ * | cpe:/a:redhat:openshift_ai:2.25::el9 | |
| Red Hat | Red Hat OpenShift AI (RHOAI) | - | cpe:/a:redhat:openshift_ai | |
| Red Hat | Red Hat OpenShift AI (RHOAI) | - | cpe:/a:redhat:openshift_ai |
II. Public POCs for CVE-2025-12805
| # | POC Description | Source Link | Shenlong Link |
|---|
AI-Generated POCPremium
No public POC found.
Login to generate AI POCIII. Intelligence Information for CVE-2025-12805
请登录查看更多情报信息。
Same Patch Batch · Red Hat · 2026-03-26 · 17 CVEs total
| CVE-2026-1961 | 8.0 HIGH | Forman: foreman: remote code execution via command injection in websocket proxy |
| CVE-2026-2436 | 6.5 MEDIUM | Libsoup: libsoup: denial of service via use-after-free in soupserver during tls handshake |
| CVE-2026-3121 | 6.5 MEDIUM | Keycloak: org.keycloak/keycloak-services: keycloak: privilege escalation via manage-client |
| CVE-2026-4887 | 6.1 MEDIUM | Gimp: gimp:memory disclosure and denial of service via specially crafted pcx image |
| CVE-2026-4897 | 5.5 MEDIUM | Polkit: polkit: denial of service via unbounded input processing through standard input |
| CVE-2026-2100 | 5.3 MEDIUM | P11-kit: null dereference via c_derivekey with specific null parameters |
| CVE-2026-2272 | 4.3 MEDIUM | Gimp: gimp: memory corruption due to integer overflow in ico file handling |
| CVE-2026-3190 | 4.3 MEDIUM | Keycloak: keycloak: information disclosure via improper role enforcement in uma 2.0 protec |
| CVE-2026-2271 | 3.3 LOW | Gimp: gimp: denial of service via crafted psp image file |
| CVE-2026-0968 | 3.1 LOW | Libssh: libssh: denial of service due to malformed sftp message |
| CVE-2026-4874 | 3.1 LOW | Org.keycloak.protocol.oidc.grants: org.keycloak.services.managers: keycloak: server-side r |
| CVE-2026-2239 | 2.8 LOW | Gimp: gimp: application crash (dos) via crafted psd file due to heap-buffer-overflow |
| CVE-2026-0965 | Libssh: libssh: denial of service via improper configuration file handling | |
| CVE-2026-0967 | Libssh: libssh: denial of service via inefficient regular expression processing | |
| CVE-2026-0964 | Libssh: improper sanitation of paths received from scp servers | |
| CVE-2026-0966 | Libssh: buffer underflow in ssh_get_hexa() on invalid input |
IV. Related Vulnerabilities
Same vendor: Red Hat
- CVE-2026-42011
Gnutls: gnutls: security bypass due to incorrect name constr - CVE-2026-42010
Gnutls: gnutls: authentication bypass via nul character in u - CVE-2026-6420
Keylime: keylime: security bypass due to hardcoded tpm quote - CVE-2026-34956
Openvswitch: open vswitch: denial of service via malformed f - CVE-2026-34002
Xorg: xwayland: x.org x server: information disclosure or de
Same weakness: CWE-653
- CVE-2026-40968
Spring gRPC SecurityContext leaks across requests on authori - CVE-2026-5600
pretix 安全漏洞 - CVE-2026-5599
API allows deletion of users of other instance - CVE-2026-34775
Electron: nodeIntegrationInWorker not correctly scoped in sh - CVE-2026-4325
Keycloak: keycloak: replay of action tokens via improper han
V. Comments for CVE-2025-12805
No comments yet