[Security Vulnerability Alert] Samba has a high-risk security vulnerability (CVE-2025-10230). Please confirm and patch it as soon as possible.

[Security Vulnerability Alert] Samba has a high-risk security vulnerability (CVE-2025-10230). Please confirm and patch it as soon as possible.

2025/11/13 ～ 2026/5/13

View Count：29

Forwarded from National Cybersecurity Information Sharing and Analysis Center: Cybersecurity Alert NISAC-200-202511-00000079

[Content Description]
Researchers have discovered an OS Command Injection vulnerability (CVE-2025-10230) in Samba. If a user sets up a Samba AD Domain Controller server and enables WINS protocol support, an unauthenticated remote attacker can inject arbitrary operating system commands into the Samba server for execution.

[Affected Platforms]
Samba versions prior to 4.21.9
Samba versions 4.22.0 to 4.22.5
Samba versions 4.23.0 to 4.23.2

[Recommended Actions]
The official patch has been released. Please refer to the official documentation for updates. The URL is as follows: https://www.samba.org/samba/history/security.html

[References]
1. https://nvd.nist.gov/vuln/detail/CVE-2025-10230
2. https://www.samba.org/samba/security/CVE-2025-10230.html
3. https://www.samba.org/samba/history/security.html

[Security Vulnerability Alert] Samba has a high-risk security vulnerability (CVE-2025-10230). Please confirm and patch it as soon as possible.

2025/11/13 ～ 2026/5/13

View Count：29

Files

None

【Back】