CVE-2025-12805 PUBLISHED

llama-stack-k8s-operator: Llama Stack service exposed across namespaces due to missing NetworkPolicy

Assigner: redhat
Reserved: 06.11.2025 Published: 26.03.2026 Updated: 26.03.2026

A flaw was found in the llama-stack-operator component of Red Hat OpenShift AI (RHOAI). The operator creates no NetworkPolicy restricting access to the llama-stack service endpoint, so any workload in the cluster can reach Llama Stack instances deployed in other namespaces by sending requests directly to the service. As a result, a user in one namespace can access another user’s Llama Stack instance and potentially view or manipulate sensitive data.

Metrics

CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N
CVSS Score: 8.1

Product Status

Vendor: Red Hat
Product: Red Hat OpenShift AI 2.25
Versions: affected by default
  • unaffected from sha256:c0d95dfbae20e87113ffb81026d379bb63ad300447df98b27d1bf9a83b084744 onward (container image digest)
Vendor: Red Hat
Product: Red Hat OpenShift AI 2.25
Versions: affected by default
  • unaffected from sha256:1d258fe98c2477e4256a9b936f412f2501fb7ca9e3b810347f9712e0d5ce5c92 onward (container image digest)
Vendor: Red Hat
Product: Red Hat OpenShift AI (RHOAI)
Versions: unaffected by default

Workarounds

Mitigation for this issue is either not available, or the currently available options do not meet the Red Hat Product Security criteria of ease of use and deployment, applicability to a widespread installation base, and stability.
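The control the record says is missing is an ordinary Kubernetes NetworkPolicy, and the reason its absence matters is a detail of NetworkPolicy semantics worth checking for on any cluster: a pod that no policy selects is "non-isolated" and accepts ingress from every namespace. The Python below is an added illustration, not code from the CVE record, from Red Hat or from llama-stack-k8s-operator. It models the matchLabels subset of those semantics, compares the exposed state (no policy) with a same-namespace-only policy, and shows the two common ways such a policy fails to help: a podSelector that does not match the pods, and a namespaceSelector: {} peer that re-opens every namespace. The label app=llama-stack, the namespaces team-a and team-b and the policy name are assumptions chosen for the example; the supported fix remains the updated images listed under Product Status.

```python
"""Model of Kubernetes NetworkPolicy ingress semantics, matchLabels only.

Added illustration for this record; not code from the CVE entry, Red Hat,
or llama-stack-k8s-operator. The label app=llama-stack, the namespaces
team-a/team-b and the policy name are assumptions chosen for the example;
check the labels the operator actually sets on your cluster.
"""
from dataclasses import dataclass, field


@dataclass
class Pod:
    namespace: str
    labels: dict = field(default_factory=dict)


def _selects(selector, labels):
    """matchLabels semantics: every required label must match; {} selects all."""
    required = selector.get("matchLabels", {})
    return all(labels.get(k) == v for k, v in required.items())


def _peer_allows(peer, policy_ns, source, ns_labels):
    """Does one 'from' peer admit traffic from the source pod?"""
    if "ipBlock" in peer:
        return False  # CIDR peers are outside this pod-to-pod model
    pod_sel = peer.get("podSelector")
    ns_sel = peer.get("namespaceSelector")
    if ns_sel is not None:
        # namespaceSelector picks namespaces by label; {} picks every namespace,
        # which is how a policy silently re-opens cross-namespace access.
        if not _selects(ns_sel, ns_labels.get(source.namespace, {})):
            return False
        return pod_sel is None or _selects(pod_sel, source.labels)
    # A podSelector on its own is scoped to the policy's own namespace.
    return (pod_sel is not None and source.namespace == policy_ns
            and _selects(pod_sel, source.labels))


def ingress_allowed(target, source, policies, ns_labels=None):
    """True if a connection from source to target is admitted by the policy set.

    A pod is isolated for ingress only if at least one policy in its namespace
    selects it and applies to Ingress. A non-isolated pod accepts traffic from
    anywhere in the cluster, which is the exposure CVE-2025-12805 describes.
    For an isolated pod the admitted sources are the union of all matching
    rules' peers; a rule with no 'from' admits every source.
    """
    ns_labels = ns_labels or {}
    isolated = False
    for policy in policies:
        spec = policy["spec"]
        if policy["metadata"]["namespace"] != target.namespace:
            continue
        if not _selects(spec.get("podSelector", {}), target.labels):
            continue
        if "Ingress" not in (spec.get("policyTypes") or ["Ingress"]):
            continue
        isolated = True
        for rule in spec.get("ingress") or []:
            peers = rule.get("from")
            if not peers:
                return True
            if any(_peer_allows(p, target.namespace, source, ns_labels) for p in peers):
                return True
    return not isolated


# The control the record says is missing: restrict ingress to the Llama Stack
# pods to clients in the same namespace. Dict form of the manifest you would apply.
SAME_NAMESPACE_ONLY = {
    "apiVersion": "networking.k8s.io/v1",
    "kind": "NetworkPolicy",
    "metadata": {"name": "llama-stack-same-namespace-only", "namespace": "team-a"},
    "spec": {
        "podSelector": {"matchLabels": {"app": "llama-stack"}},  # assumed label
        "policyTypes": ["Ingress"],
        "ingress": [{"from": [{"podSelector": {}}]}],  # any pod, but only from team-a
    },
}


def exposure_report(policies=(SAME_NAMESPACE_ONLY,)):
    """Compare the unpatched state (no policy) against the policy above."""
    target = Pod("team-a", {"app": "llama-stack"})
    own_ns_client = Pod("team-a", {"app": "notebook"})
    other_ns_client = Pod("team-b", {"app": "notebook"})
    policies = list(policies)
    return {
        "no_policy_cross_namespace": ingress_allowed(target, other_ns_client, []),
        "policy_cross_namespace": ingress_allowed(target, other_ns_client, policies),
        "policy_same_namespace": ingress_allowed(target, own_ns_client, policies),
    }


if __name__ == "__main__":
    for check, allowed in exposure_report().items():
        print(f"{check}: {'ALLOWED' if allowed else 'denied'}")
```

Before writing a real policy, confirm the labels the operator sets on the Llama Stack pods: a policy whose podSelector matches nothing is accepted by the API server without complaint and leaves the pods exactly as exposed as having no policy at all. Enforcement also requires a CNI plugin that implements NetworkPolicy; on a cluster whose network plugin ignores the resource, the object exists but no traffic is filtered.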

Problem Types

  • CWE-653: Improper Isolation or Compartmentalization