| Package | ceph |
|---|---|
| Version | 10.2.11-2+deb9u3 (stretch), 12.2.11+dfsg1-2.1+deb10u2 (buster) |
| Related CVEs | CVE-2025-52555 |
Ceph a distributed file system was affected by a vulnerability.
An unprivileged user can escalate to root privileges in a ceph-fuse mounted CephFS by chmod 777 a directory owned by root to gain access.
The result of this is that a user could read, write and execute to any directory as long as they chmod 777 it. This impacts confidentiality, integrity, and availability.
For Debian 10 buster, these problems have been fixed in version 12.2.11+dfsg1-2.1+deb10u2.
For Debian 9 stretch, these problems have been fixed in version 10.2.11-2+deb9u3.
We recommend that you upgrade your ceph packages.
Further information about Extended LTS security advisories can be found in the dedicated section of our website.