A critical vulnerability has been uncovered in Red Hat OpenShift GitOps, exposing Kubernetes clusters to a complete takeover by users with limited privileges. Tracked as CVE-2025-13888 with a severity score of 9.1 (Critical), the flaw allows namespace administrators to trick the system into granting them root access to the entire cluster.
The vulnerability resides in how the GitOps operator handles ArgoCD Custom Resources (CRs), effectively turning a standard administrative feature into a privilege escalation weapon.
OpenShift GitOps is designed to automate deployments using Git as a single source of truth. However, researchers found that the permission model for creating ArgoCD CRs is too permissive.
“If you can create ArgoCD CRs, you basically can overtake the whole cluster,” the vulnerability report states.
The attack vector works by manipulating the sourceNamespaces field within an ArgoCD CR. A namespace admin—typically restricted to managing their own isolated slice of the cluster—can define a target namespace (even a privileged one like default) in this field.
“When I do create the ArgoCD CR the operator will annotate the specified sourceNamespaces with the label… Additionally the Operator will create a RoleBinding and a Role within the namespace”.
Once the operator processes this malicious CR, it unwittingly grants the attacker’s service accounts access to the target namespace.
The consequences are catastrophic:
- Privilege Grant: The operator creates a RoleBinding that links the attacker’s ArgoCD instance to the target namespace.
- Privileged Workloads: By targeting a namespace with a privileged Security Context Constraint (SCC), such as default, the attacker gains the ability to run privileged Jobs.
- Cluster Takeover: “The job can even run on Master nodes so basically, I have root access to the master nodes and can fully overtake the cluster without a problem”.
This vulnerability fundamentally breaks the isolation model of Kubernetes multi-tenancy. “This seems to be a security issue from my point of view because all it needs is a namespace admin to overtake the whole cluster,” the report concludes.
Administrators are strongly advised to audit their OpenShift GitOps operator versions and apply the latest security patches immediately. Restricting the ability to create ArgoCD Custom Resources to trusted cluster administrators can also serve as a temporary mitigation.
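A concrete way for a cluster administrator to act on that advice is to audit every ArgoCD CR in the cluster for a sourceNamespaces list that reaches outside the CR's own namespace, flagging references to privileged namespaces such as default as critical. The script below is an added example written for this article; it is not code from the vulnerability report or from Red Hat. It assumes the field lives at spec.sourceNamespaces (the path used by the ArgoCD CRD), takes the JSON shape that `oc get argocds -A -o json` returns, and treats the list of privileged namespaces and the embedded sample CR list as constructed inputs.

```python
"""Audit ArgoCD custom resources for cross-namespace sourceNamespaces.

Added example, not from the advisory or from Red Hat. Reads the JSON list
that `oc get argocds -A -o json` would print and reports every ArgoCD CR
whose spec.sourceNamespaces reaches beyond the CR's own namespace.
"""
import fnmatch
import json

# Namespaces where a granted Role/RoleBinding lets workloads run under a
# permissive SCC. "default" is the example named in the advisory; the other
# entries are assumptions a cluster admin would normally extend.
PRIVILEGED_NAMESPACES = ("default", "kube-system", "openshift-*")

# Constructed sample: four tenant-scoped ArgoCD CRs, one of which matches
# the pattern described in the advisory.
SAMPLE_ARGOCD_LIST = json.dumps({
    "apiVersion": "v1",
    "kind": "List",
    "items": [
        {   # benign: the tenant only references its own namespace
            "apiVersion": "argoproj.io/v1beta1", "kind": "ArgoCD",
            "metadata": {"name": "gitops", "namespace": "team-a"},
            "spec": {"sourceNamespaces": ["team-a"]},
        },
        {   # cross-tenant reach into another unprivileged namespace
            "apiVersion": "argoproj.io/v1beta1", "kind": "ArgoCD",
            "metadata": {"name": "gitops", "namespace": "team-b"},
            "spec": {"sourceNamespaces": ["team-b", "team-c"]},
        },
        {   # reaches privileged namespaces: the case the advisory warns about
            "apiVersion": "argoproj.io/v1beta1", "kind": "ArgoCD",
            "metadata": {"name": "gitops", "namespace": "team-d"},
            "spec": {"sourceNamespaces": ["openshift-infra", "default"]},
        },
        {   # no sourceNamespaces at all
            "apiVersion": "argoproj.io/v1beta1", "kind": "ArgoCD",
            "metadata": {"name": "gitops", "namespace": "team-e"},
            "spec": {},
        },
    ],
})


def is_privileged(entry: str) -> bool:
    """True if a sourceNamespaces entry names (or could match) a privileged namespace."""
    if "*" in entry:
        # A wildcard entry is treated as reaching privileged namespaces as well.
        return True
    return any(fnmatch.fnmatchcase(entry, pattern) for pattern in PRIVILEGED_NAMESPACES)


def audit_argocd_list(raw_json: str) -> list:
    """Return one finding per ArgoCD CR whose sourceNamespaces leaves its own namespace.

    Each finding is a dict with keys cr, foreign, privileged and severity;
    CRs that only reference their own namespace produce no finding.
    """
    findings = []
    for item in json.loads(raw_json).get("items", []):
        ns = item["metadata"]["namespace"]
        name = item["metadata"]["name"]
        sources = item.get("spec", {}).get("sourceNamespaces") or []
        foreign = sorted(s for s in sources if s != ns)
        if not foreign:
            continue
        privileged = [s for s in foreign if is_privileged(s)]
        findings.append({
            "cr": f"{ns}/{name}",
            "foreign": foreign,
            "privileged": privileged,
            "severity": "CRITICAL" if privileged else "WARN",
        })
    return findings


if __name__ == "__main__":
    for f in audit_argocd_list(SAMPLE_ARGOCD_LIST):
        extra = f" (privileged: {f['privileged']})" if f["privileged"] else ""
        print(f"{f['severity']:8} {f['cr']}: sourceNamespaces reaches {f['foreign']}{extra}")
```

Run it against live cluster output by replacing SAMPLE_ARGOCD_LIST with the stdout of `oc get argocds -A -o json`; any CRITICAL line identifies a tenant CR that would cause the operator to create a Role and RoleBinding in a privileged namespace, and the WARN lines show cross-tenant reach that deserves review even on a patched operator.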