{"schema_version":"1.7.2","id":"OESA-2025-1902","modified":"2025-07-25T13:17:03Z","published":"2025-07-25T13:17:03Z","upstream":["CVE-2025-52555"],"summary":"ceph security update","details":"Ceph is a massively scalable, open-source, distributed storage system that runs on commodity hardware and delivers object, block and file system storage.\r\n\r\nSecurity Fix(es):\n\nA vulnerability classified as problematic has been found in Ceph up to 17.2.7/18.2.4/19.2.2.CWE is classifying the issue as CWE-269. The product does not properly assign, modify, track, or check privileges for an actor, creating an unintended sphere of control for that actor.This is going to have an impact on confidentiality.Upgrading to version 18.2.5 or 19.2.3 eliminates this vulnerability.(CVE-2025-52555)","affected":[{"package":{"ecosystem":"openEuler:24.03-LTS-SP2","name":"ceph","purl":"pkg:rpm/openEuler/ceph&distro=openEuler-24.03-LTS-SP2"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"18.2.2-8.oe2403sp2"}]}],"ecosystem_specific":{"aarch64":["ceph-18.2.2-8.oe2403sp2.aarch64.rpm","ceph-base-18.2.2-8.oe2403sp2.aarch64.rpm","ceph-common-18.2.2-8.oe2403sp2.aarch64.rpm","ceph-debuginfo-18.2.2-8.oe2403sp2.aarch64.rpm","ceph-debugsource-18.2.2-8.oe2403sp2.aarch64.rpm","ceph-exporter-18.2.2-8.oe2403sp2.aarch64.rpm","ceph-fuse-18.2.2-8.oe2403sp2.aarch64.rpm","ceph-immutable-object-cache-18.2.2-8.oe2403sp2.aarch64.rpm","ceph-mds-18.2.2-8.oe2403sp2.aarch64.rpm","ceph-mgr-18.2.2-8.oe2403sp2.aarch64.rpm","ceph-mon-18.2.2-8.oe2403sp2.aarch64.rpm","ceph-osd-18.2.2-8.oe2403sp2.aarch64.rpm","ceph-radosgw-18.2.2-8.oe2403sp2.aarch64.rpm","ceph-selinux-18.2.2-8.oe2403sp2.aarch64.rpm","ceph-test-18.2.2-8.oe2403sp2.aarch64.rpm","cephfs-mirror-18.2.2-8.oe2403sp2.aarch64.rpm","libcephfs-devel-18.2.2-8.oe2403sp2.aarch64.rpm","libcephfs2-18.2.2-8.oe2403sp2.aarch64.rpm","libcephsqlite-18.2.2-8.oe2403sp2.aarch64.rpm","libcephsqlite-devel-18.2.2-8.oe2403sp2.aarch64.rpm","librados-devel-18.2.2-8.oe2403sp2.aarch64.rpm","librados2-18.2.2-8.oe2403sp2.aarch64.rpm","libradospp-devel-18.2.2-8.oe2403sp2.aarch64.rpm","libradosstriper-devel-18.2.2-8.oe2403sp2.aarch64.rpm","libradosstriper1-18.2.2-8.oe2403sp2.aarch64.rpm","librbd-devel-18.2.2-8.oe2403sp2.aarch64.rpm","librbd1-18.2.2-8.oe2403sp2.aarch64.rpm","librgw-devel-18.2.2-8.oe2403sp2.aarch64.rpm","librgw2-18.2.2-8.oe2403sp2.aarch64.rpm","python3-ceph-argparse-18.2.2-8.oe2403sp2.aarch64.rpm","python3-ceph-common-18.2.2-8.oe2403sp2.aarch64.rpm","python3-cephfs-18.2.2-8.oe2403sp2.aarch64.rpm","python3-rados-18.2.2-8.oe2403sp2.aarch64.rpm","python3-rbd-18.2.2-8.oe2403sp2.aarch64.rpm","python3-rgw-18.2.2-8.oe2403sp2.aarch64.rpm","rados-objclass-devel-18.2.2-8.oe2403sp2.aarch64.rpm","rbd-fuse-18.2.2-8.oe2403sp2.aarch64.rpm","rbd-mirror-18.2.2-8.oe2403sp2.aarch64.rpm","rbd-nbd-18.2.2-8.oe2403sp2.aarch64.rpm"],"noarch":["ceph-grafana-dashboards-18.2.2-8.oe2403sp2.noarch.rpm","ceph-mgr-cephadm-18.2.2-8.oe2403sp2.noarch.rpm","ceph-mgr-dashboard-18.2.2-8.oe2403sp2.noarch.rpm","ceph-mgr-diskprediction-local-18.2.2-8.oe2403sp2.noarch.rpm","ceph-mgr-k8sevents-18.2.2-8.oe2403sp2.noarch.rpm","ceph-mgr-modules-core-18.2.2-8.oe2403sp2.noarch.rpm","ceph-mgr-rook-18.2.2-8.oe2403sp2.noarch.rpm","ceph-mib-18.2.2-8.oe2403sp2.noarch.rpm","ceph-prometheus-alerts-18.2.2-8.oe2403sp2.noarch.rpm","ceph-resource-agents-18.2.2-8.oe2403sp2.noarch.rpm","ceph-volume-18.2.2-8.oe2403sp2.noarch.rpm","cephadm-18.2.2-8.oe2403sp2.noarch.rpm","cephfs-top-18.2.2-8.oe2403sp2.noarch.rpm"],"src":["ceph-18.2.2-8.oe2403sp2.src.rpm"],"x86_64":["ceph-18.2.2-8.oe2403sp2.x86_64.rpm","ceph-base-18.2.2-8.oe2403sp2.x86_64.rpm","ceph-common-18.2.2-8.oe2403sp2.x86_64.rpm","ceph-debuginfo-18.2.2-8.oe2403sp2.x86_64.rpm","ceph-debugsource-18.2.2-8.oe2403sp2.x86_64.rpm","ceph-exporter-18.2.2-8.oe2403sp2.x86_64.rpm","ceph-fuse-18.2.2-8.oe2403sp2.x86_64.rpm","ceph-immutable-object-cache-18.2.2-8.oe2403sp2.x86_64.rpm","ceph-mds-18.2.2-8.oe2403sp2.x86_64.rpm","ceph-mgr-18.2.2-8.oe2403sp2.x86_64.rpm","ceph-mon-18.2.2-8.oe2403sp2.x86_64.rpm","ceph-osd-18.2.2-8.oe2403sp2.x86_64.rpm","ceph-radosgw-18.2.2-8.oe2403sp2.x86_64.rpm","ceph-selinux-18.2.2-8.oe2403sp2.x86_64.rpm","ceph-test-18.2.2-8.oe2403sp2.x86_64.rpm","cephfs-mirror-18.2.2-8.oe2403sp2.x86_64.rpm","libcephfs-devel-18.2.2-8.oe2403sp2.x86_64.rpm","libcephfs2-18.2.2-8.oe2403sp2.x86_64.rpm","libcephsqlite-18.2.2-8.oe2403sp2.x86_64.rpm","libcephsqlite-devel-18.2.2-8.oe2403sp2.x86_64.rpm","librados-devel-18.2.2-8.oe2403sp2.x86_64.rpm","librados2-18.2.2-8.oe2403sp2.x86_64.rpm","libradospp-devel-18.2.2-8.oe2403sp2.x86_64.rpm","libradosstriper-devel-18.2.2-8.oe2403sp2.x86_64.rpm","libradosstriper1-18.2.2-8.oe2403sp2.x86_64.rpm","librbd-devel-18.2.2-8.oe2403sp2.x86_64.rpm","librbd1-18.2.2-8.oe2403sp2.x86_64.rpm","librgw-devel-18.2.2-8.oe2403sp2.x86_64.rpm","librgw2-18.2.2-8.oe2403sp2.x86_64.rpm","python3-ceph-argparse-18.2.2-8.oe2403sp2.x86_64.rpm","python3-ceph-common-18.2.2-8.oe2403sp2.x86_64.rpm","python3-cephfs-18.2.2-8.oe2403sp2.x86_64.rpm","python3-rados-18.2.2-8.oe2403sp2.x86_64.rpm","python3-rbd-18.2.2-8.oe2403sp2.x86_64.rpm","python3-rgw-18.2.2-8.oe2403sp2.x86_64.rpm","rados-objclass-devel-18.2.2-8.oe2403sp2.x86_64.rpm","rbd-fuse-18.2.2-8.oe2403sp2.x86_64.rpm","rbd-mirror-18.2.2-8.oe2403sp2.x86_64.rpm","rbd-nbd-18.2.2-8.oe2403sp2.x86_64.rpm"]}}],"references":[{"type":"ADVISORY","url":"https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2025-1902"},{"type":"ADVISORY","url":"https://nvd.nist.gov/vuln/detail/CVE-2025-52555"}],"database_specific":{"severity":"Medium"}}