Home > Vulnerability Database > CVE-2025-13888

Mend.io Vulnerability Database

CVE-2025-13888

Good to know:

Date: December 15, 2025

A flaw was found in OpenShift GitOps. Namespace admins can create ArgoCD Custom Resources (CRs) that trick the system into granting them elevated permissions in other namespaces, including privileged namespaces. An authenticated attacker can then use these elevated permissions to create privileged workloads that run on master nodes, effectively giving them root access to the entire cluster.

Severity Score

9.1

Related Resources (12)

Url: https://github.com/redhat-developer/gitops-operator/pull/897

Url: https://nvd.nist.gov/vuln/detail/CVE-2025-13888

Url: https://access.redhat.com/errata/RHSA-2025:23207

Url: https://access.redhat.com/errata/RHSA-2025:23206

Url: https://github.com/redhat-developer/gitops-operator/commit/bc6ac3e03d7c8b3db5d8f1770c868396a4c2dcef

Url: https://github.com/redhat-developer/gitops-operator

Url: https://access.redhat.com/errata/RHSA-2025:23203

Url: https://github.com/advisories/GHSA-pcqx-8qww-7f4v

Url: https://github.com/redhat-developer/gitops-operator/releases/tag/v1.16.2

Url: https://bugzilla.redhat.com/show_bug.cgi?id=2418361

Url: https://access.redhat.com/security/cve/CVE-2025-13888

Url: https://www.mend.io/vulnerability-database/CVE-2025-13888

Severity Score

9.1

Weakness Type (CWE)

Incorrect Privilege Assignment

CWE-266

Top Fix

Upgrade Version

Upgrade to version github.com/redhat-developer/gitops-operator - v1.16.2

Learn More

CVSS v3.1

Base Score:	9.1
Attack Vector (AV):	NETWORK
Attack Complexity (AC):	LOW
Privileges Required (PR):	HIGH
User Interaction (UI):	NONE
Scope (S):	CHANGED
Confidentiality (C):	HIGH
Integrity (I):	HIGH
Availability (A):	HIGH

Mend.io Vulnerability Database

We found results for “”

CVE-2025-13888

Good to know:

Date: December 15, 2025

Severity Score

Related Resources (12)

Severity Score

Weakness Type (CWE)

Top Fix

Upgrade Version

CVSS v3.1

Do you need more information?