CCTR.41.OCT.25

Monday morning cyber coffee read CCTR.41.OCT.25
Red Hat has confirmed that an unauthorised party accessed and copied data from a GitLab instance used by its Consulting team. The affected environment contained internal collaboration data from consulting engagements. While Red Hat’s core products and software supply chain remain unaffected, consulting engagement data may have been exposed.

Monitor Red Hat’s official advisories for ongoing updates and mitigation guidance.
Be alert for targeted phishing or impersonation attempts referencing Red Hat projects.
Review any shared code or project artefacts from Red Hat Consulting engagements for potential data sensitivity, even if you have not yet been contacted by Red Hat.
https://www.redhat.com/en/blog/security-update-incident-related-red-hat-consulting-gitlab-instance
While we’re still on the topic of Red Hat, but on an unrelated matter…
A high-risk privilege escalation vulnerability (CVE-2025-10725, CVSS 9.9) has been disclosed in Red Hat OpenShift AI, a platform used to manage and deploy predictive and generative AI models across hybrid cloud environments. The flaw allows a low-privileged, authenticated attacker (for example, a data scientist using a standard Jupyter notebook) to escalate privileges to full cluster administrator and potentially take control of the entire infrastructure.
This issue is unrelated to the Red Hat Consulting GitLab breach reported separately.
If you’re using Red Hat OpenShift AI, it’s time to patch, review RBAC permissions and monitor closely for signs of potential exploitation.
https://bugzilla.redhat.com/show_bug.cgi?id=2396641
Broadcom has disclosed a local privilege escalation vulnerability (CVE-2025-41244) affecting VMware Tools and VMware Aria Operations. The flaw, exploited as a zero-day since mid-October 2024, allows unprivileged users to execute code with elevated (root) privileges.
The vulnerability impacts both proprietary VMware components and the open-source open-vm-tools, making it widely relevant across virtualised Linux environments. Security firm NVISO has confirmed in-the-wild exploitation linked to UNC5174, a Chinese state-sponsored threat actor known for leveraging public exploits for initial access.
Active exploitation by a state-sponsored threat actor reinforces the critical need for immediate patching and continuous monitoring across all your VMware environments.

https://blog.nviso.eu/2025/09/29/you-name-it-vmware-elevates-it-cve-2025-41244/