Remote Command Execution Vulnerability in Samba Affected Product by Samba
CVE-2025-10230

10CRITICAL

Key Information:

Status
Red Hat Enterprise Linux 10
Red Hat Enterprise Linux 6
Red Hat Enterprise Linux 7
Vendor
CVE Published:
7 November 2025

Badges

đź“° News Worthy

What is CVE-2025-10230?

A vulnerability exists in Samba's front-end WINS hook handling where unsanitized NetBIOS names from registration packets are executed via shell commands. This flaw allows an unauthenticated network attacker to execute arbitrary commands with the privileges of the Samba process. Proper validation and escaping are absent in the handling of input data, leading to serious security implications for systems using Samba as their Active Directory Domain Controller.

News Articles

favicon imageGBHackers News

Critical Samba Flaw Allows Remote Attackers to Execute Arbitrary Code

A newly disclosed vulnerability in Samba’s WINS server hook script enables unauthenticated attackers to run arbitrary commands on affected domain controllers.

3 weeks ago

References

https://access.redhat.com/security/cve/CVE-2025-10230
vdb-entryx_refsource_REDHAT
https://bugzilla.redhat.com/show_bug.cgi?id=2394377
issue-trackingx_refsource_REDHAT
https://www.samba.org/samba/history/security.html

CVSS V3.1

Score:
10
Severity:
CRITICAL
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
None
Scope:
Changed

Timeline

  • Vulnerability published

  • đź“°

    First article discovered by GBHackers News

  • Vulnerability Reserved

JSON
.
CVE-2025-10230 : Remote Command Execution Vulnerability in Samba Affected Product by Samba