CVE-2025-66002

Local users can perform arbitrary unmounts via smb4k mount helper due to lack of input validation

Description

An Improper Neutralization of Argument Delimiters in a Command ('Argument Injection') vulnerability allows local users ton perform arbitrary unmounts via smb4k mount helper

INFO

Published Date :

2026-01-08T14:25:44.172Z

Last Modified :

2026-01-08T15:55:57.881Z

Source :

suse

AFFECTED PRODUCTS

The following products are affected by CVE-2025-66002 vulnerability.

Vendors	Products
Kde	Kde
Smb4k	Smb4k

REFERENCES

Here, you will find a curated list of external links that provide in-depth information to CVE-2025-66002.

URL	Resource
https://bugzilla.suse.com/show_bug.cgi?id=CVE-2025-66002
https://security.opensuse.org/2025/12/10/smb4k-major-issues-in-kauth-helper.html

CVSS Vulnerability Scoring System

Detailed values of each vector for above chart.

Attack Vector

Attack Complexity

Attack Requirements

Privileges Required

User Interaction

VS Confidentiality

VS Integrity

VS Availability

SS Confidentiality

SS Integrity

SS Availability