
=====================================================================

                            CERT-Renater

                Information Note No. 2025/VULN401
_____________________________________________________________________

DATE                : 27/06/2025

HARDWARE PLATFORM(S): /

OPERATING SYSTEM(S): Systems running Ceph versions prior to 17.2.8,
                                    18.2.5, 19.2.3

=====================================================================
https://github.com/ceph/ceph/security/advisories/GHSA-89hm-qq33-2fjm
_____________________________________________________________________


CephFS Permission Escalation Vulnerability in Ceph Fuse mounted FS
Moderate
mctaggatart published GHSA-89hm-qq33-2fjm Jun 26, 2025

Package
No package listed

Affected versions
17.2.7, 18.2.1-18.2.4, 19.0.0-19.2.2

Patched versions
17.2.8, 18.2.5, 19.2.3


Description

A flaw was found in CephFS. An unprivileged user can escalate to root
privileges in a ceph-fuse mounted CephFS by running chmod 777 on a
directory owned by root to gain access.

As a result, a user could read, write and execute in any directory
owned by root, as long as they chmod 777 it. This impacts
confidentiality, integrity, and availability.

It is patched via the following PRs: 17.2.8, 18.2.5, and 19.2.3
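
The following audit helper is an added example, not part of the advisory or of the Ceph project. It classifies a client version against the ranges listed above and lists root-owned directories left with rwx for everyone under a mount. The function names, the `/mnt/cephfs` mount point and the sample version line are assumptions.

```python
import os
import re
import stat

# Ranges copied from the advisory above: (first affected, last affected, patched).
AFFECTED = [
    ((17, 2, 7), (17, 2, 7), (17, 2, 8)),
    ((18, 2, 1), (18, 2, 4), (18, 2, 5)),
    ((19, 0, 0), (19, 2, 2), (19, 2, 3)),
]

def classify(version_output):
    """Map a Ceph version line to 'affected', 'patched' or 'unlisted'."""
    m = re.search(r"\b(\d+)\.(\d+)\.(\d+)\b", version_output)
    if not m:
        raise ValueError("no x.y.z version found in: %r" % version_output)
    ver = tuple(int(p) for p in m.groups())
    for first, last, patched in AFFECTED:
        if ver[0] != first[0]:
            continue
        if first <= ver <= last:
            return "affected"
        if ver >= patched:
            return "patched"
    # Older than the listed ranges, or another release series: not listed in
    # the advisory body, although the note header says "prior to". Review by hand.
    return "unlisted"

def root_owned_open_dirs(mount, owner_uid=0):
    """Return directories under mount owned by owner_uid with rwx for everyone."""
    hits = []
    for dirpath, dirnames, _ in os.walk(mount):
        for name in dirnames:
            path = os.path.join(dirpath, name)
            st = os.lstat(path)  # lstat: do not follow symlinks
            if (stat.S_ISDIR(st.st_mode) and st.st_uid == owner_uid
                    and st.st_mode & 0o777 == 0o777):
                hits.append(path)
    return sorted(hits)

if __name__ == "__main__":
    # Constructed sample version line; the hash is a placeholder.
    sample = "ceph version 18.2.4 (0000000000000000000000000000000000000000) reef (stable)"
    print(classify(sample))
    print(root_owned_open_dirs("/mnt/cephfs"))  # assumed mount point
```

An empty directory list is not proof that nothing happened, since a mode can be changed back after use, and some hits may be intentional.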


Severity
Moderate, 6.5 / 10

CVSS v3 base metrics
Attack vector       : Adjacent
Attack complexity   : High
Privileges required : Low
User interaction    : None
Scope               : Changed
Confidentiality     : High
Integrity           : Low
Availability        : None
CVSS:3.1/AV:A/AC:H/PR:L/UI:N/S:C/C:H/I:L/A:N

CVE ID
CVE-2025-52555

Weaknesses
CWE-269


=========================================================
+ CERT-RENATER        |    tel : 01-53-94-20-44         +
+ 23/25 Rue Daviel    |    fax : 01-53-94-20-41         +
+ 75013 Paris         |   email:cert@support.renater.fr +
=========================================================
