CVE-2025-10230
Samba vulnerability analysis and mitigation

Overview

CVE-2025-10230 is a critical command injection vulnerability discovered in Samba's WINS server implementation. The vulnerability affects all Samba versions since 4.0 when configured as an Active Directory Domain Controller with WINS support enabled and a 'wins hook' parameter set. The flaw was discovered by Igor Morgenstern of Aisle Research and was publicly disclosed on October 15, 2025 (Samba Security, Security Online).

Technical details

The vulnerability stems from insufficient input validation in the WINS server component of Samba Active Directory Domain Controllers. When the WINS server processes name changes, it executes the program specified by the 'wins hook' parameter without properly validating the input names. These names are directly inserted into shell commands, allowing attackers to inject shell metacharacters within the 15-character NetBIOS name limit. The vulnerability has received a CVSS v3.1 score of 10.0 (AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H), indicating the highest possible severity (Samba Security).

Impact

The vulnerability enables unauthenticated remote code execution on affected Samba Active Directory Domain Controllers. An attacker can execute arbitrary commands on the host system without requiring any authentication, potentially leading to complete system compromise. It's worth noting that the vulnerability only affects domain controllers with WINS support enabled and a configured 'wins hook' parameter (Security Online).

Mitigation and workarounds

Several mitigation options are available: 1) upgrade to Samba version 4.23.2, 4.22.5, or 4.21.9, which contain the security fix; 2) avoid setting the 'wins hook' parameter in the smb.conf of a Samba AD Domain Controller; or 3) ensure 'wins support' is set to 'no' (which is the default value). The Samba team has noted that the 'wins hook' parameter is unlikely to be useful on a domain controller and may not be supported in future releases (Samba Security).
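
A check for the exposure conditions and fixed releases listed above, as an added example that is not part of the original advisory or of Samba's own code. The function names, the sample smb.conf, the placeholder hook path, and the set of 'server role' spellings treated as an AD DC are assumptions of this example.

```python
import re

FIXED = {(4, 23): 2, (4, 22): 5, (4, 21): 9}  # fixed releases named on this page
TRUE_VALUES = {"yes", "true", "on", "1"}
# Assumption of this example: 'server role' spellings treated as an AD DC.
AD_DC_ROLES = {"active directory domain controller", "domain controller", "dc"}
# Constructed sample configuration; the hook path is a placeholder.
SAMPLE = """\
[global]
    server role = active directory domain controller
    WINS Support = Yes
    wins hook = /usr/local/bin/example-wins-hook
"""


def parse_global(text):
    """Return [global] parameters; names lower-cased with whitespace removed,
    since smb.conf ignores case and spacing in names. Includes are not followed."""
    params, section = {}, None
    for raw in re.sub(r"\\\r?\n", "", text).splitlines():  # join continuations
        line = raw.strip()
        if not line or line[0] in "#;":
            continue
        if line.startswith("[") and line.endswith("]"):
            section = line[1:-1].strip().lower()
        elif section == "global" and "=" in line:
            name, value = line.split("=", 1)
            params["".join(name.lower().split())] = value.strip()
    return params


def is_patched(version):
    """True if an upstream version string such as '4.22.5' includes the fix."""
    major, minor, patch = map(int, re.match(r"(\d+)\.(\d+)\.(\d+)", version).groups())
    if (major, minor) in FIXED:
        return patch >= FIXED[(major, minor)]
    return (major, minor) > max(FIXED)  # newer series yes, older series no


def exposed(conf_text, version):
    """True when every condition the page lists for CVE-2025-10230 holds."""
    p = parse_global(conf_text)
    role = " ".join(p.get("serverrole", "auto").lower().split())
    return (
        not is_patched(version)
        and role in AD_DC_ROLES
        and p.get("winssupport", "no").lower() in TRUE_VALUES
        and bool(p.get("winshook", ""))
    )
```

Distribution packages may carry the fix under an older upstream version number, so is_patched applies to upstream release numbers only.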

Community reactions

The vulnerability has received significant attention due to its critical severity rating. The Ubuntu security team has classified it as a medium priority issue, noting that per Samba developers, this is an unusual configuration that "will affect very few, possibly zero, users" (Ubuntu Security).

This report was generated using AI.

Related Samba vulnerabilities:

| CVE ID | Severity | Score | Technologies | Component name | CISA KEV exploit | Has fix | Published date |
|---|---|---|---|---|---|---|---|
| CVE-2025-10230 | CRITICAL | 10 | Samba | libsamba-policy-python3-devel | No | Yes | Oct 15, 2025 |
| CVE-2020-25720 | HIGH | 7.5 | Samba | samba-krb5-printing-debuginfo | No | Yes | Nov 17, 2024 |
| CVE-2025-0620 | MEDIUM | 4.9 | Samba | samba-python3 | No | Yes | Jun 06, 2025 |
| CVE-2025-9640 | MEDIUM | 4.3 | Samba | libwbclient-devel | No | Yes | Oct 15, 2025 |
| CVE-2025-58160 | LOW | 2.3 | Rust | loupe-debuginfo | No | Yes | Aug 29, 2025 |