Information Disclosure Vulnerability in Samba by the Samba Team
CVE-2025-9640

4.3MEDIUM

Key Information:

Vendor

Red Hat
Status
Red Hat Enterprise Linux 10
Red Hat Enterprise Linux 6
Red Hat Enterprise Linux 7
Red Hat Enterprise Linux 8
Vendor
CVE Published:
15 October 2025

What is CVE-2025-9640?

An issue has been identified in Samba's vfs_streams_xattr module where uninitialized heap memory can be manipulated, enabling authenticated users to access alternate data streams. This incident may expose previously stored sensitive information from residual memory, highlighting a significant risk for data privacy and unauthorized access.

References

https://access.redhat.com/security/cve/CVE-2025-9640
vdb-entryx_refsource_REDHAT
https://bugzilla.redhat.com/show_bug.cgi?id=2391698
issue-trackingx_refsource_REDHAT
https://www.samba.org/samba/history/security.html

CVSS V3.1

Score:
4.3
Severity:
MEDIUM
Confidentiality:
Low
Integrity:
None
Availability:
Low
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
Low
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

JSON
.
CVE-2025-9640 : Information Disclosure Vulnerability in Samba by the Samba Team