CVE-2025-10230
Published: 07 November 2025
Description
Adversaries may abuse Unix shell commands and scripts for execution.
Security Summary
CVE-2025-10230, published on 2025-11-07, is a critical OS command injection vulnerability (CWE-78) in the WINS hook handling of the Samba Active Directory Domain Controller. NetBIOS names taken from WINS registration packets are passed to a shell without validation or escaping, so attacker-controlled data ends up inside executed shell commands. The vulnerability carries a CVSS v3.1 base score of 10.0 (AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H).
An unauthenticated network attacker can exploit this flaw by sending malicious WINS registration packets containing crafted NetBIOS names. Successful exploitation enables remote command execution with the privileges of the Samba process, potentially leading to full compromise of the affected domain controller.
Advisories provide guidance on mitigation, including patches from Samba and Red Hat. Refer to the Red Hat security bulletin at https://access.redhat.com/security/cve/CVE-2025-10230, the Samba security history at https://www.samba.org/samba/history/security.html, the Bugzilla entry at https://bugzilla.redhat.com/show_bug.cgi?id=2394377, and Vicarius resources for detection at https://www.vicarius.io/vsociety/posts/cve-2025-10230-detect-samba-vulnerability and mitigation at https://www.vicarius.io/vsociety/posts/cve-2025-10230-mitigate-samba-vulnerability.
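As an added example (not Samba's code; the hook path, the hook's argument layout and the name allowlist are assumptions for illustration), the defensive pattern that closes this class of bug: validate the NetBIOS name against a strict allowlist and hand it to the hook as its own argv element instead of interpolating it into a shell command line.

```python
"""Hardened WINS-hook dispatch: check every field, never go through a shell."""
import ipaddress
import re
import subprocess
from typing import Sequence

# Conservative allowlist for a NetBIOS name: 1 to 15 visible characters from a
# restricted set. This is an assumed policy for the example, not Samba's own rule.
NETBIOS_NAME_RE = re.compile(r"[A-Za-z0-9._-]{1,15}")
OPERATIONS = ("add", "delete", "refresh")  # assumed set of hook operations


def validate_netbios_name(name: str) -> bool:
    """True only if the name matches the allowlist; shell metacharacters,
    whitespace, quotes and over-long names are all rejected."""
    return NETBIOS_NAME_RE.fullmatch(name) is not None


def build_hook_argv(hook: str, operation: str, name: str, name_type: int,
                    ttl: int, addresses: Sequence[str]) -> list[str]:
    """Build the argument vector for the hook script. Every field is checked,
    and the result is a list so it can be executed without a shell."""
    if operation not in OPERATIONS:
        raise ValueError(f"unknown WINS operation {operation!r}")
    if not validate_netbios_name(name):
        raise ValueError("rejected NetBIOS name: disallowed characters or length")
    if not 0 <= name_type <= 0xFF:
        raise ValueError("NetBIOS name type must fit in one byte")
    if ttl < 0:
        raise ValueError("TTL must be non-negative")
    # ipaddress.ip_address raises ValueError on anything that is not an address.
    addrs = [str(ipaddress.ip_address(a)) for a in addresses]
    return [hook, operation, name, f"{name_type:02x}", str(ttl), *addrs]


def run_hook(argv: list[str]) -> int:
    """Execute the hook with shell=False: the name is a single argv element and
    is never parsed by /bin/sh, so metacharacters inside it have no effect."""
    return subprocess.run(argv, shell=False, check=False, timeout=10).returncode


if __name__ == "__main__":
    # Constructed sample registration: hypothetical hook path and address.
    print(build_hook_argv("/usr/local/bin/wins-hook", "add", "WORKSTATION1",
                          0x20, 3600, ["192.0.2.10"]))
    for bad in ("HOST;X", "host name", "$(X)", "A" * 16):
        print(repr(bad), "accepted:", validate_netbios_name(bad))
```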
Details
- CWE(s): CWE-78 (Improper Neutralization of Special Elements used in an OS Command, 'OS Command Injection')
MITRE ATT&CK Enterprise Techniques
Why these techniques?
Unauthenticated remote OS command injection via crafted WINS packets enables exploitation of public-facing or remote services (Exploit Public-Facing Application, T1190; Exploitation of Remote Services, T1210), leading to Unix shell execution (Command and Scripting Interpreter: Unix Shell, T1059.004).