Follow @Openwall on Twitter for new release announcements and other news
[<prev] [next>] [thread-next>] [day] [month] [year] [list] 
Message-ID: <CABBoStj3fbqaQi2uDo83wP+zdn+ODvywSC1C=e0-+x1+GLm6Hw@mail.gmail.com>
Date: Thu, 26 Jun 2025 16:09:29 -0400
From: "Sage [They / Them] McTaggart" <amctagga@...hat.com>
To: oss-security@...ts.openwall.com
Subject: CVE-2025-52555 Ceph: CephFS Permission Escalation Vulnerability in
 Ceph Fuse mounted FS

Hello all,
A flaw was found in CephFS. An unprivileged user can escalate to root
privileges in a ceph-fuse mounted CephFS by chmod 777 a directory owned by
root to gain access.

The result of this is that a user could read, write and execute to any
directory owned by root as long as they chmod 777 it. This impacts
confidentiality, integrity, and availability.

Our public advisory may be found at the following URL
https://github.com/ceph/ceph/security/advisories/GHSA-89hm-qq33-2fjm

We have assigned it a CVE of CVE-2025-52555 with a CVSS Score of 6.5
CVSS:3.1/AV:A/AC:H/PR:L/UI:N/S:C/C:H/I:L/A:N

It is patched via 17.2.8 <https://github.com/ceph/ceph/pull/60314> , 18.2.5,
and 19.2.3 in upstream Ceph.
Credits to: Ben Stöver for discovery, and Mark Nelson, Dan van der Ster,
and Joshua Blanch for reporting.

Sage McTaggart
IBM Product Security

amct@...hat.com

sagemct@....com

Powered by blists - more mailing lists

Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.