UBUNTU-CVE-2025-52555

See a problem?
Please try reporting it to the source first.

Source

https://ubuntu.com/security/CVE-2025-52555

Import Source

https://github.com/canonical/ubuntu-security-notices/blob/main/osv/cve/2025/UBUNTU-CVE-2025-52555.json

JSON Data

https://api.test.osv.dev/v1/vulns/UBUNTU-CVE-2025-52555

Upstream

CVE-2025-52555

Published

2025-06-26T21:15:00Z

Modified

2025-07-14T07:02:42.310002Z

Severity

6.5 (Medium) CVSS_V3 - CVSS:3.1/AV:A/AC:H/PR:L/UI:N/S:C/C:H/I:L/A:N CVSS Calculator
Ubuntu - medium

Summary

[none]

Details

Ceph is a distributed object, block, and file storage platform. In versions 17.2.7, 18.2.1 through 18.2.4, and 19.0.0 through 19.2.2, an unprivileged user can escalate to root privileges in a ceph-fuse mounted CephFS by chmod 777 a directory owned by root to gain access. The result of this is that a user could read, write and execute to any directory owned by root as long as they chmod 777 it. This impacts confidentiality, integrity, and availability. It is patched in versions 17.2.8, 18.2.5, and 19.2.3.

References

Affected packages

Ubuntu:Pro:14.04:LTS / ceph

Package

Name: ceph
Purl: pkg:deb/ubuntu/ceph@0.80.11-0ubuntu1.14.04.4+esm2?arch=source&distro=esm-infra-legacy/trusty

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Affected versions

0.*

0.67.4-0ubuntu2

0.67.4-0ubuntu3

0.72-0ubuntu1

0.72.1-0ubuntu1

0.72.1-2

0.72.1-3

0.72.2-1

0.72.2-2

0.78-0ubuntu1

0.79-0ubuntu1

0.80.1-0ubuntu1

0.80.1-0ubuntu1.1

0.80.5-0ubuntu0.14.04.1

0.80.7-0ubuntu0.14.04.1

0.80.9-0ubuntu0.14.04.1

0.80.9-0ubuntu0.14.04.2

0.80.10-0ubuntu0.14.04.1

0.80.10-0ubuntu1.14.04.2

0.80.10-0ubuntu1.14.04.3

0.80.11-0ubuntu1.14.04.1

0.80.11-0ubuntu1.14.04.2

0.80.11-0ubuntu1.14.04.3

0.80.11-0ubuntu1.14.04.4

0.80.11-0ubuntu1.14.04.4+esm2

Ubuntu:Pro:16.04:LTS / ceph

Package

Name: ceph
Purl: pkg:deb/ubuntu/ceph@10.2.11-0ubuntu0.16.04.3+esm1?arch=source&distro=esm-infra/xenial

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Affected versions

0.*

0.94.3-0ubuntu2

0.94.5-0ubuntu1

9.*

9.2.0-0ubuntu3

9.2.0-0ubuntu4

9.2.0-0ubuntu5

9.2.0-0ubuntu6

10.*

10.0.2-0ubuntu1

10.0.3-0ubuntu1

10.0.5-0ubuntu1

10.1.0-0ubuntu1

10.1.1-0ubuntu1

10.1.2-0ubuntu1

10.2.0-0ubuntu0.16.04.1

10.2.0-0ubuntu0.16.04.2

10.2.2-0ubuntu0.16.04.2

10.2.3-0ubuntu0.16.04.2

10.2.5-0ubuntu0.16.04.1

10.2.6-0ubuntu0.16.04.1

10.2.7-0ubuntu0.16.04.1

10.2.9-0ubuntu0.16.04.1

10.2.10-0ubuntu0.16.04.1

10.2.11-0ubuntu0.16.04.1

10.2.11-0ubuntu0.16.04.2

10.2.11-0ubuntu0.16.04.3

10.2.11-0ubuntu0.16.04.3+esm1

Ubuntu:Pro:18.04:LTS / ceph

Package

Name: ceph
Purl: pkg:deb/ubuntu/ceph@12.2.13-0ubuntu0.18.04.11+esm1?arch=source&distro=esm-infra/bionic

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Affected versions

12.*

12.2.0-0ubuntu1

12.2.1-0ubuntu1

12.2.2-0ubuntu1

12.2.2-0ubuntu2

12.2.4-0ubuntu1

12.2.4-0ubuntu1.1

12.2.7-0ubuntu0.18.04.1

12.2.8-0ubuntu0.18.04.1

12.2.8-0ubuntu0.18.04.2

12.2.11-0ubuntu0.18.04.1

12.2.11-0ubuntu0.18.04.2

12.2.12-0ubuntu0.18.04.1

12.2.12-0ubuntu0.18.04.2

12.2.12-0ubuntu0.18.04.3

12.2.12-0ubuntu0.18.04.4

12.2.12-0ubuntu0.18.04.5

12.2.13-0ubuntu0.18.04.2

12.2.13-0ubuntu0.18.04.3

12.2.13-0ubuntu0.18.04.4

12.2.13-0ubuntu0.18.04.5

12.2.13-0ubuntu0.18.04.6

12.2.13-0ubuntu0.18.04.7

12.2.13-0ubuntu0.18.04.8

12.2.13-0ubuntu0.18.04.10

12.2.13-0ubuntu0.18.04.11

12.2.13-0ubuntu0.18.04.11+esm1

Ubuntu:Pro:20.04:LTS / ceph

Package

Name: ceph
Purl: pkg:deb/ubuntu/ceph@15.2.17-0ubuntu0.20.04.6?arch=source&distro=esm-infra/focal

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Affected versions

14.*

14.2.2-0ubuntu3

14.2.2-0ubuntu4

14.2.4-0ubuntu1

14.2.4-0ubuntu2

14.2.4-0ubuntu3

15.*

15.1.0-0ubuntu2

15.1.0-0ubuntu3

15.1.1-0ubuntu1

15.2.0-0ubuntu1

15.2.0-0ubuntu2

15.2.1-0ubuntu1

15.2.1-0ubuntu2

15.2.3-0ubuntu0.20.04.1

15.2.3-0ubuntu0.20.04.2

15.2.5-0ubuntu0.20.04.1

15.2.7-0ubuntu0.20.04.1

15.2.7-0ubuntu0.20.04.2

15.2.8-0ubuntu0.20.04.1

15.2.11-0ubuntu0.20.04.2

15.2.12-0ubuntu0.20.04.1

15.2.13-0ubuntu0.20.04.1

15.2.13-0ubuntu0.20.04.2

15.2.14-0ubuntu0.20.04.1

15.2.14-0ubuntu0.20.04.2

15.2.16-0ubuntu0.20.04.1

15.2.17-0ubuntu0.20.04.1

15.2.17-0ubuntu0.20.04.3

15.2.17-0ubuntu0.20.04.4

15.2.17-0ubuntu0.20.04.5

15.2.17-0ubuntu0.20.04.6

Ubuntu:22.04:LTS / ceph

Package

Name: ceph
Purl: pkg:deb/ubuntu/ceph@17.2.7-0ubuntu0.22.04.2?arch=source&distro=jammy

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Affected versions

16.*

16.2.6-0ubuntu1

16.2.6-0ubuntu2

16.2.6-0ubuntu3

16.2.7-0ubuntu1

16.2.7-0ubuntu4

17.*

17.1.0-0ubuntu1

17.1.0-0ubuntu2

17.1.0-0ubuntu3

17.2.0-0ubuntu0.22.04.1

17.2.0-0ubuntu0.22.04.2

17.2.5-0ubuntu0.22.04.2

17.2.5-0ubuntu0.22.04.3

17.2.6-0ubuntu0.22.04.1

17.2.6-0ubuntu0.22.04.2

17.2.6-0ubuntu0.22.04.3

17.2.7-0ubuntu0.22.04.1

17.2.7-0ubuntu0.22.04.2

Ubuntu:24.04:LTS / ceph

Package

Name: ceph
Purl: pkg:deb/ubuntu/ceph@19.2.1-0ubuntu0.24.04.2?arch=source&distro=noble

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Affected versions

18.*

18.2.0-0ubuntu3

18.2.0-0ubuntu6

18.2.0-0ubuntu7

19.*

19.2.0~git20240301.4c76c50-0ubuntu3

19.2.0~git20240301.4c76c50-0ubuntu4

19.2.0~git20240301.4c76c50-0ubuntu6

19.2.0~git20240301.4c76c50-0ubuntu6.1

19.2.0-0ubuntu0.24.04.1

19.2.0-0ubuntu0.24.04.2

19.2.1-0ubuntu0.24.04.2

Ubuntu:25.04 / ceph

Package

Name: ceph
Purl: pkg:deb/ubuntu/ceph@19.2.1-0ubuntu1?arch=source&distro=plucky

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Affected versions

19.*

19.2.0-0ubuntu2

19.2.0-0ubuntu6

19.2.1-0ubuntu1