Home > Vulnerability Database > CVE-2025-52555

Mend.io Vulnerability Database

CVE-2025-52555

Good to know:

Date: June 26, 2025

Ceph is a distributed object, block, and file storage platform. In versions 17.2.7, 18.2.1 through 18.2.4, and 19.0.0 through 19.2.2, an unprivileged user can escalate to root privileges in a ceph-fuse mounted CephFS by chmod 777 a directory owned by root to gain access. The result of this is that a user could read, write and execute to any directory owned by root as long as they chmod 777 it. This impacts confidentiality, integrity, and availability. It is patched in versions 17.2.8, 18.2.5, and 19.2.3.

Severity Score

6.5

Related Resources (5)

Url: https://github.com/ceph/ceph/security/advisories/GHSA-89hm-qq33-2fjm

Url: https://nvd.nist.gov/vuln/detail/CVE-2025-52555

Url: https://security-tracker.debian.org/tracker/CVE-2025-52555

Url: https://github.com/ceph/ceph/pull/60314

Url: https://www.mend.io/vulnerability-database/CVE-2025-52555

Severity Score

6.5

Weakness Type (CWE)

Improper Privilege Management

CWE-269

Top Fix

Upgrade Version

Upgrade to version https://github.com/ceph/ceph.git - v17.2.8;https://github.com/ceph/ceph.git - v18.2.5;https://github.com/ceph/ceph.git - v19.2.3

Learn More

CVSS v3.1

Base Score:	6.5
Attack Vector (AV):	ADJACENT_NETWORK
Attack Complexity (AC):	HIGH
Privileges Required (PR):	LOW
User Interaction (UI):	NONE
Scope (S):	CHANGED
Confidentiality (C):	HIGH
Integrity (I):	LOW
Availability (A):	NONE

Mend.io Vulnerability Database

We found results for “”

CVE-2025-52555

Good to know:

Date: June 26, 2025

Severity Score

Related Resources (5)

Severity Score

Weakness Type (CWE)

Top Fix

Upgrade Version

CVSS v3.1

Do you need more information?