Remote Command Execution Vulnerability in Samba
CVE-2025-10230
Key Information:
- Vendor: Samba
- CVE Published: 7 November 2025
What is CVE-2025-10230?
CVE-2025-10230 is a significant vulnerability affecting the Samba software suite, which is widely used to provide seamless file and print services to SMB/CIFS clients, including Windows systems within a network. This vulnerability arises from improper handling of NetBIOS names in WINS registration packets, where unsanitized data is sent directly into shell commands executed by Samba’s Active Directory Domain Controller. This flaw allows unauthenticated network attackers to execute arbitrary commands remotely, leveraging the service’s permissions. Organizations utilizing Samba for file sharing and domain management could face serious repercussions if attackers exploit this vulnerability, including unauthorized system access and control.
Potential Impact of CVE-2025-10230
- Remote Code Execution: The primary impact of CVE-2025-10230 is that attackers can execute arbitrary commands in the context of the Samba process, leading to a complete compromise of the system. This can enable further exploitation, such as data theft or the installation of malicious software.
- Unauthorized Access: Because the vulnerability can be exploited without authentication, attackers do not need legitimate credentials. This ease of access increases the risk of widespread system breaches, as attackers can use the flaw to infiltrate otherwise secure environments.
- Data Integrity and Confidentiality Risks: With remote code execution possible, sensitive data stored on affected systems is at risk. Attackers can manipulate, corrupt, or exfiltrate critical organizational data, leading to significant financial and reputational damage.
Exploit Proof of Concept (PoC)
PoC code is written by security researchers to demonstrate that a vulnerability can be exploited. It is also a key component of weaponization, which could lead to ransomware.
News Articles
Critical Samba Flaw Allows Remote Attackers to Execute Arbitrary Code
A newly disclosed vulnerability in Samba’s WINS server hook script enables unauthenticated attackers to run arbitrary commands on affected domain controllers.
Timeline
- Public PoC available
- Exploit known to exist
- Vulnerability published
- First article discovered by GBHackers News
- Vulnerability Reserved
