CVE-2025-52555
BaseFortify
Publication date: 2025-06-26
Last updated on: 2025-11-03
Assigner: GitHub, Inc.
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-269 | The product does not properly assign, modify, track, or check privileges for an actor, creating an unintended sphere of control for that actor. |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability in CephFS allows an unprivileged user to escalate their privileges to root by using the chmod 777 command on a directory owned by root within a ceph-fuse mounted filesystem. This grants the user read, write, and execute permissions on that root-owned directory, effectively giving them root-level access. The issue arises because the system improperly allows permission changes by unprivileged users that lead to privilege escalation. It affects specific versions of Ceph and is fixed in later releases. [1, 2]
How can this vulnerability impact me? :
This vulnerability can impact you by allowing an unprivileged user to gain root privileges on your CephFS system. This means the attacker could read, modify, or execute files in directories owned by root, compromising the confidentiality, integrity, and availability of your data and system. Such unauthorized access could lead to data breaches, unauthorized changes, or disruption of services. [2]
What immediate steps should I take to mitigate this vulnerability?
To mitigate this vulnerability, you should upgrade your CephFS to a patched version where the issue is fixed. Specifically, update to version 17.2.8, 18.2.5, or 19.2.3 or later. These versions include the fix that prevents unprivileged users from using chmod 777 on root-owned directories in ceph-fuse mounts, thereby preventing privilege escalation. [1, 2]