Bug 2374412 (CVE-2025-52555) - CVE-2025-52555 ceph: privilege escalation by unprivileged users in a ceph-fuse mounted CephFS
Summary: CVE-2025-52555 ceph: privilege escalation by unprivileged users in a ceph-fus...
Keywords:
Status: NEW
Alias: CVE-2025-52555
Deadline: 2025-06-26
Product: Security Response
Classification: Other
Component: vulnerability
Version: unspecified
Hardware: All
OS: Linux
medium
medium
Target Milestone: ---
Assignee: Product Security DevOps Team
QA Contact:
URL:
Whiteboard:
Depends On: 2374416 2374417 2375687 2375688 2374414 2374415
Blocks:
TreeView+ depends on / blocked
 
Reported: 2025-06-23 21:33 UTC by OSIDB Bzimport
Modified: 2025-07-14 20:21 UTC (History)
11 users (show)

Fixed In Version:
Clone Of:
Environment:
Last Closed:
Embargoed:

Attachments (Terms of Use)

Description OSIDB Bzimport 2025-06-23 21:33:47 UTC 
A non-privileged user can change the permissions from a directory owned by the root user an can gain access to the targeted directory.
Comment 3 Martin Hecht 2025-07-14 20:21:13 UTC 
Question: Is this limited to the fuse-client, or are mounts via systemd unit affected, too?
Note You need to log in before you can comment on or make changes to this bug.