Red Hat OpenShift AI Llama Stack Unauthorized Access Vulnerability (CVE-2025-12805)
CVE-2025-12805 describes a flaw in Red Hat OpenShift AI (RHOAI) llama-stack-operator that allows unauthorized access to Llama Stack services in other namespaces via direct network requests due to missing NetworkPolicy restrictions, potentially enabling attackers to view or manipulate sensitive data.
A vulnerability, CVE-2025-12805, has been identified in Red Hat OpenShift AI (RHOAI) llama-stack-operator. The vulnerability stems from the lack of NetworkPolicy restrictions on the llama-stack service endpoint. This allows a user within one namespace to bypass intended isolation and directly access Llama Stack services deployed in other namespaces. The vulnerability was published on March 26, 2026. Successful exploitation could lead to unauthorized data access and manipulation, impacting the…
Detection coverage 2
Detect Direct Network Connection to Llama Stack Service from Different Namespace
highDetects network connections to the llama-stack service endpoint originating from a different OpenShift namespace, indicating potential unauthorized access attempts.
Detect Unauthorized Access to Llama Stack Service Endpoint
mediumDetects unauthorized access attempts to the Llama Stack service endpoint based on HTTP status codes indicating access denied or forbidden.
Detection queries are kept inside the platform. Get full rules →
Indicators of compromise
2