PT-2025-27012 · Ceph+1

Venky Shankar +2 · Published 2025-06-26 · Updated 2026-03-20 · CVE-2025-52555

CVSS v3.1: 6.5 Medium

Vector: AV:A/AC:H/PR:L/UI:N/S:C/C:H/I:L/A:N

Name of the Vulnerable Software and Affected Versions: Ceph versions 17.2.7, 18.2.1 through 18.2.4, 19.0.0 through 19.2.2
Description: Ceph is a distributed object, block, and file storage platform. An unprivileged user can escalate to root privileges in a ceph-fuse mounted CephFS by changing the permissions of a directory owned by root. This allows the user to read, write, and execute any directory owned by root, impacting confidentiality, integrity, and availability.
Recommendations: For version 17.2.7, update to version 17.2.8. For versions 18.2.1 through 18.2.4, update to version 18.2.5. For versions 19.0.0 through 19.2.2, update to version 19.2.3.

Exploit · Fix · LPE · Improper Privilege Management

Weakness Enumeration

Related Identifiers

AZL-64386
BDU:2025-11089
BIT-CEPH-2025-52555
CVE-2025-52555
DLA-4310-1
ECHO-096D-8796-1ABE
GHSA-89HM-QQ33-2FJM
MGASA-2025-0222
OESA-2025-1838
OESA-2025-1902
OESA-2025-1903
RHSA-2026:1536
RHSA-2026:2769

Affected Products

Ceph
Debian