CVE-2025-13888

Source
https://cve.org/CVERecord?id=CVE-2025-13888
Import Source
https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2025-13888.json
JSON Data
https://api.osv.dev/v1/vulns/CVE-2025-13888
Aliases
Downstream
Related
Published
2025-12-15T15:36:49.274Z
Modified
2026-07-15T01:49:20.544079031Z
Severity
  • 9.1 (Critical) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H CVSS Calculator
Summary
Openshift-gitops-operator: openshift gitops: namespace admin cluster takeover via privileged jobs
Details

A flaw was found in OpenShift GitOps. Namespace admins can create ArgoCD Custom Resources (CRs) that trick the system into granting them elevated permissions in other namespaces, including privileged namespaces. An authenticated attacker can then use these elevated permissions to create privileged workloads that run on master nodes, effectively giving them root access to the entire cluster.

Database specific
{
    "cwe_ids": [
        "CWE-266"
    ],
    "osv_generated_from": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2025/13xxx/CVE-2025-13888.json",
    "cna_assigner": "redhat"
}
References

Affected packages

Git / github.com/redhat-developer/gitops-operator

Affected ranges

Type
GIT
Repo
https://github.com/redhat-developer/gitops-operator
Events
Introduced
0 Unknown introduced commit / All previous commits are affected
Fixed
Fixed
Database specific
{
    "extracted_events": [
        {
            "introduced": "0"
        },
        {
            "fixed": "1.16.2"
        }
    ],
    "source": [
        "AFFECTED_FIELD",
        "REFERENCES"
    ]
}

Affected versions

v0.*
v0.0.2
v1.*
v1.1.0
v1.11.0
v1.16.0
v1.16.1
v1.2.0

Database specific

source
"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2025-13888.json"