BIT-ceph-2025-52555

See a problem?

Import Source

https://github.com/bitnami/vulndb/tree/main/data/ceph/BIT-ceph-2025-52555.json

JSON Data

https://api.osv.dev/v1/vulns/BIT-ceph-2025-52555

Aliases

CVE-2025-52555
GHSA-89hm-qq33-2fjm

Published

2026-03-20T09:05:53.515Z

Modified

2026-03-20T10:11:10.806730Z

Summary

CephFS Permission Escalation Vulnerability in Ceph Fuse mounted FS

Details

Ceph is a distributed object, block, and file storage platform. In versions 17.2.7, 18.2.1 through 18.2.4, and 19.0.0 through 19.2.2, an unprivileged user can escalate to root privileges in a ceph-fuse mounted CephFS by chmod 777 a directory owned by root to gain access. The result of this is that a user could read, write and execute to any directory owned by root as long as they chmod 777 it. This impacts confidentiality, integrity, and availability. It is patched in versions 17.2.8, 18.2.5, and 19.2.3.

Database specific

{
    "cpes": [
        "cpe:2.3:a:linuxfoundation:ceph:*:*:*:*:*:*:*:*"
    ],
    "severity": "Medium"
}

References

Affected packages

Bitnami / ceph

Package

Name: ceph
Purl: pkg:bitnami/ceph

Severity

6.5 (Medium) CVSS_V3 - CVSS:3.1/AV:A/AC:H/PR:L/UI:N/S:C/C:H/I:L/A:N CVSS Calculator

Affected ranges

Type: SEMVER
Events: Introduced

17.2.7

Fixed

17.2.8

Introduced

18.2.1

Fixed

18.2.5

Introduced

19.0.0

Fixed

19.2.3

Database specific

source

"https://github.com/bitnami/vulndb/tree/main/data/ceph/BIT-ceph-2025-52555.json"