The vulnerable component of OpenStack ironic-python-agent occasionally runs the system tool grub-install inside a chrooted environment during image deployment. If the image being deployed contains malicious content, the grub-install invocation can execute arbitrary code with elevated privileges. The flaw is an instance of improper restriction of operations within a privileged context and raises the risk of full compromise on the host that runs the deployment, affecting confidentiality, integrity, and availability of the target system.

OpenStack ironic-python-agent versions 1.0.0 through 11.5.0 are affected. Any deployment environment that uses these releases for provisioning nodes—such as typical OpenStack cloud installations—must be evaluated. The vulnerability is tied to the agent code rather than to an underlying operating system, so the impact is confined to the host executing the ironic-python-agent.

The CVSS score of 8.0 classifies this flaw as high severity. EPSS score is <1%, indicating a very low but nonzero probability of exploitation, but the vulnerability is not listed in the CISA KEV catalog. The attack vector is inferred to be a malicious image supplied through the build or repository pipeline; an attacker with the ability to craft or alter an image can trigger grub-install during deployment. Successful exploitation could lead to arbitrary code execution within the chroot, with the potential to escape to the host shell if the agent runs with sufficient privileges.