It was found that cephx authentication protocol did not verify ceph clients correctly and was vulnerable to replay attack. Any attacker having access to ceph cluster network who is able to sniff packets on network can use this vulnerability to authenticate with ceph service and perform actions allowed by ceph service. Ceph branches master, mimic, luminous and jewel are believed to be vulnerable.
CVSS Vector
CVSS:3.0/AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:HDebian
OSDebian8.09.0Opensuse Leap
OSOpensuse15.0Red Hat Ceph
APPRedhat10.2.0 – 13.2.1Red Hat Ceph Storage
APPRedhat3Red Hat Ceph Storage Mon
APPRedhat23Red Hat Ceph Storage Osd
APPRedhat23Red Hat Enterprise Linux
OSRedhat7.0Red Hat Enterprise Linux Desktop
OSRedhat7.0Red Hat Enterprise Linux Server
OSRedhat7.0Red Hat Enterprise Linux Workstation
OSRedhat7.0
🔵
CHECK WITH VENDOR
No clear patch data available. Check vendor references.
Tags
Auth Bypass
References
Related vulnerabilities
CVE-2026-24061CRITICAL9.8⚠ KEVPL ✓ten sam produkt
GNU Inetutils telnetd: ominięcie uwierzytelnienia przez zmienną USER
CVE-2025-32463CRITICAL9.3⚠ KEVPL ✓ten sam produkt
Sudo: eskalacja uprawnień do root poprzez opcję --chroot (CVE-2025-32463)
CVE-2025-49113CRITICAL9.9⚠ KEVPL ✓ten sam produkt
RCE przez deserializację PHP w Roundcube Webmail (parametr _from)
CVE-2025-32433CRITICAL10.0⚠ KEVPL ✓ten sam produkt
Erlang/OTP SSH — nieuwierzytelniony RCE (CVSS 10.0)
CVE-2025-24201CRITICAL10.0⚠ KEVPL ✓ten sam produkt
Apple WebKit: out-of-bounds write umożliwiający ucieczkę z sandbox przeglądarki