CVE-2025-52555

Name: CVE-2025-52555
Creator: NVD / NIST
Published: 2025-06-26T21:15:28.31+00:00
License: https://creativecommons.org/publicdomain/zero/1.0/

MEDIUMCVSS 6.5/10EPSS 0.17%

Last modified Jun 17, 2026

CVE-2025-52555 is a medium-severity vulnerability rated 6.5/10 on the CVSS scale. Ceph is a distributed object, block, and file storage platform. In versions 17.2.7, 18.2.1 through 18.2.4, and 19.0.0 through 19.2.2, an unprivileged user can escalate to root privileges in a ceph-fuse mounted CephFS by chmod 777 a directory owned by root to gain access. EPSS estimates a 0.17% chance of exploitation in the next 30 days.

Description

Ceph is a distributed object, block, and file storage platform. In versions 17.2.7, 18.2.1 through 18.2.4, and 19.0.0 through 19.2.2, an unprivileged user can escalate to root privileges in a ceph-fuse mounted CephFS by chmod 777 a directory owned by root to gain access. The result of this is that a user could read, write and execute to any directory owned by root as long as they chmod 777 it. This impacts confidentiality, integrity, and availability. It is patched in versions 17.2.8, 18.2.5, and 19.2.3.

Metrics

CVSS 3.1

6.5/10

CVSS:3.1/AV:A/AC:H/PR:L/UI:N/S:C/C:H/I:L/A:N

EPSS Probability

0.17%

6.3th percentile

Probability of exploitation in the next 30 days. Learn more

Weakness Enumeration

CWE-269

References

Timeline

Published: Jun 26, 2025
Last Modified: Jun 17, 2026
Status: Deferred

Frequently Asked Questions

What is CVE-2025-52555?

How severe is CVE-2025-52555?

CVE-2025-52555 has a CVSS score of 6.5/10 (MEDIUM severity). The EPSS model estimates a 0.17% probability of exploitation in the next 30 days.

How do I fix CVE-2025-52555?

Check the vendor references and advisories linked above for patched versions and mitigation guidance. You can also run a Strix scan to test if your systems are affected.

Are you affected by CVE-2025-52555?

Run a free Strix scan to check your systems for this vulnerability.

Scan your code now

Source: NVD / NIST