๐Ÿ” CVE Alert

CVE-2025-13888

CRITICAL 9.1

Openshift-gitops-operator: openshift gitops: namespace admin cluster takeover via privileged jobs

CVSS Score
9.1
EPSS Score
0.0%
EPSS Percentile
0th

A flaw was found in OpenShift GitOps. Namespace admins can create ArgoCD Custom Resources (CRs) that trick the system into granting them elevated permissions in other namespaces, including privileged namespaces. An authenticated attacker can then use these elevated permissions to create privileged workloads that run on master nodes, effectively giving them root access to the entire cluster.

CWE CWE-266
Vendor redhat-developer
Product gitops-operator
Published Dec 15, 2025
Last Updated Jan 22, 2026
Stay Ahead of the Next One

Get instant alerts for redhat-developer gitops-operator

Be the first to know when new critical vulnerabilities affecting redhat-developer gitops-operator are published โ€” delivered to Slack, Telegram or Discord.

Get Free Alerts โ†’ Free ยท No credit card ยท 60 sec setup

CVSS v3 Breakdown

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H
Attack Vector
Network
Attack Complexity
Low
Privileges Required
High
User Interaction
None
Scope
Changed
Confidentiality
High
Integrity
High
Availability
High

Affected Versions

redhat-developer / gitops-operator
0 < 1.16.2
Red Hat / Red Hat OpenShift GitOps 1.16
All versions affected
Red Hat / Red Hat OpenShift GitOps 1.17
All versions affected
Red Hat / Red Hat OpenShift GitOps 1.18
All versions affected
Red Hat / Red Hat OpenShift GitOps 1.18
All versions affected
Red Hat / Red Hat OpenShift GitOps
All versions affected

References

NVD โ†— CVE.org โ†— EPSS Data โ†—
access.redhat.com: https://access.redhat.com/errata/RHSA-2025:23203 access.redhat.com: https://access.redhat.com/errata/RHSA-2025:23206 access.redhat.com: https://access.redhat.com/errata/RHSA-2025:23207 access.redhat.com: https://access.redhat.com/errata/RHSA-2026:1017 access.redhat.com: https://access.redhat.com/security/cve/CVE-2025-13888 bugzilla.redhat.com: https://bugzilla.redhat.com/show_bug.cgi?id=2418361 github.com: https://github.com/redhat-developer/gitops-operator/commit/bc6ac3e03d7c8b3db5d8f1770c868396a4c2dcef github.com: https://github.com/redhat-developer/gitops-operator/pull/897 github.com: https://github.com/redhat-developer/gitops-operator/releases/tag/v1.16.2