Description

A flaw was found in Samba, in the front-end WINS hook handling: NetBIOS names from registration packets are passed to a shell without proper validation or escaping. Unsanitized NetBIOS name data from WINS registration packets are inserted into a shell command and executed by the Samba Active Directory Domain Controller’s wins hook, allowing an unauthenticated network attacker to achieve remote command execution as the Samba process.

INFO

Published Date :

2025-11-07T19:42:06.624Z

Last Modified :

2026-02-26T17:47:06.972Z

Source :

redhat
AFFECTED PRODUCTS

The following products are affected by CVE-2025-10230 vulnerability.

Vendors Products
Redhat
  • Enterprise Linux
  • Openshift
REFERENCES

Here, you will find a curated list of external links that provide in-depth information to CVE-2025-10230.

URL Resource
https://access.redhat.com/security/cve/CVE-2025-10230 cve-icon cve-icon
https://bugzilla.redhat.com/show_bug.cgi?id=2394377 cve-icon cve-icon
https://nvd.nist.gov/vuln/detail/CVE-2025-10230 cve-icon
https://www.cve.org/CVERecord?id=CVE-2025-10230 cve-icon
https://www.samba.org/samba/history/security.html cve-icon cve-icon cve-icon
https://www.vicarius.io/vsociety/posts/cve-2025-10230-detect-samba-vulnerability cve-icon
https://www.vicarius.io/vsociety/posts/cve-2025-10230-mitigate-samba-vulnerability cve-icon
Login to claim this CVE

CVSS Vulnerability Scoring System

Detailed values of each vector for above chart.
Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality Impact
Integrity Impact
Availability Impact