Red Hat Security Advisory: RHOAI 2.25.2 - Red Hat OpenShift AI

CVE-2025-12805 — llama-stack-k8s-operator: Llama Stack service exposed across namespaces due to missing NetworkPolicy CVE-2025-12816 — node-forge: node-forge: Interpretation conflict vulnerability allows bypassing cryptographic verifications CVE-2025-52881 — runc: opencontainers/selinux: container escape and denial of service due to arbitrary write gadgets and procfs write redirects CVE-2025-66034 — fonttools: fontTools: Arbitrary file write leading to remote code execution via malicious .designspace file CVE-2025-66418 — urllib3: urllib3: Unbounded decompression chain leads to resource exhaustion CVE-2025-66471 — urllib3: urllib3 Streaming API improperly handles highly compressed data CVE-2025-66506 — github.com/sigstore/fulcio: Fulcio: Denial of Service via crafted OpenID Connect (OIDC) token CVE-2025-66626 — github.com/argoproj/argo-workflows: argoproj/argo-workflows is vulnerable to RCE via ZipSlip and symbolic links CVE-2025-67725 — tornado: Tornado Quadratic DoS via Repeated Header Coalescing CVE-2025-67726 — tornado: Tornado Quadratic DoS via Crafted Multipart Parameters CVE-2025-68156 — github.com/expr-lang/expr: Expr: Denial of Service via uncontrolled recursion in expression evaluation CVE-2025-68476 — github.com/kedacore/keda: KEDA: Arbitrary file read vulnerability in Vault authentication CVE-2025-69223 — aiohttp: AIOHTTP's HTTP Parser auto_decompress feature is vulnerable to zip bomb CVE-2026-21441 — urllib3: urllib3 vulnerable to decompression-bomb safeguard bypass when following HTTP redirects (streaming API) CVE-2026-24049 — wheel: wheel: Privilege Escalation or Arbitrary Code Execution via malicious wheel file unpacking