VYPR
Critical severity9.1OSV Advisory· Published Dec 15, 2025· Updated Apr 15, 2026

CVE-2025-13888

CVE-2025-13888

Description

A flaw was found in OpenShift GitOps. Namespace admins can create ArgoCD Custom Resources (CRs) that trick the system into granting them elevated permissions in other namespaces, including privileged namespaces. An authenticated attacker can then use these elevated permissions to create privileged workloads that run on master nodes, effectively giving them root access to the entire cluster.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Affected packages

Versions sourced from the GitHub Security Advisory.

PackageAffected versionsPatched versions
github.com/redhat-developer/gitops-operatorGo
< 1.16.21.16.2

Affected products

3

Patches

Vulnerability mechanics

References

11

News mentions

0

No linked articles in our index yet.