AI description
CVE-2025-10230 is a command injection vulnerability found in Samba's WINS server hook script. The vulnerability exists when Samba is running as an Active Directory Domain Controller with WINS support enabled and the 'wins hook' parameter is configured in the smb.conf file. This flaw allows unauthenticated attackers to execute arbitrary commands on affected domain controllers. The vulnerability occurs because the WINS server does not properly validate NetBIOS names passed to the wins hook program, passing them directly into a string run by a shell. By sending a specially crafted NetBIOS name containing shell metacharacters, a malicious client can inject commands that will be executed on the server with system-level privileges.
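The three preconditions named in the description above (AD DC role, WINS support enabled, a 'wins hook' set in smb.conf) can be checked statically against a configuration file. The following is an added example, not code from Samba or from this page: the function names, sample configurations and hook path are constructed, the accepted boolean and role spellings are assumptions, and it neither follows include files nor checks the installed Samba version.

```python
import re

# Assumption: spellings smb.conf accepts as boolean true.
TRUE_VALUES = {"yes", "true", "on", "1"}
# Assumption: 'server role' values that select the AD DC role.
AD_DC_ROLES = {"active directory domain controller", "domain controller", "dc"}


def parse_global(conf_text):
    """Return the [global] parameters of an smb.conf as a dict."""
    params, section = {}, None
    # Join backslash-continued lines before splitting.
    text = re.sub(r"\\\r?\n", "", conf_text)
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#;":        # blank line or comment
            continue
        if line.startswith("[") and line.endswith("]"):
            section = line[1:-1].strip().lower()
            continue
        if section == "global" and "=" in line:
            name, value = line.split("=", 1)
            # smb.conf ignores case and whitespace in parameter names,
            # so 'WINS Hook' and 'winshook' are the same parameter.
            params["".join(name.lower().split())] = value.strip()
    return params


def wins_hook_exposed(conf_text):
    """True when all three preconditions from the description are present."""
    p = parse_global(conf_text)
    is_ad_dc = " ".join(p.get("serverrole", "").lower().split()) in AD_DC_ROLES
    wins_on = p.get("winssupport", "").lower() in TRUE_VALUES
    hook_set = bool(p.get("winshook", ""))
    return is_ad_dc and wins_on and hook_set


# Constructed sample configurations (not taken from any real host).
RISKY = """
[global]
    server role = active directory domain controller
    WINS Support = Yes
    wins hook = /usr/local/sbin/dns_update
"""
SAFE = RISKY.replace("WINS Support = Yes", "; WINS Support = Yes")

if __name__ == "__main__":
    print("risky config exposed:", wins_hook_exposed(RISKY))
    print("safe config exposed: ", wins_hook_exposed(SAFE))
```

A True result means the configuration matches the described preconditions and the host's Samba version should be checked against the vendor advisory.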
- Description: A flaw was found in Samba, in the front-end WINS hook handling: NetBIOS names from registration packets are passed to a shell without proper validation or escaping. Unsanitized NetBIOS name data from WINS registration packets are inserted into a shell command and executed by the Samba Active Directory Domain Controller’s wins hook, allowing an unauthenticated network attacker to achieve remote command execution as the Samba process.
- Source: secalert@redhat.com
- NVD status: Awaiting Analysis
CVSS 3.1
- Type: Primary
- Base score: 10
- Impact score: 6
- Exploitability score: 3.9
- Vector string: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H
- Severity: CRITICAL
- secalert@redhat.com: CWE-78
- Hype score: Not currently trending
POC CVE-2025-10230 - Samba WINS Hook Command Injection https://t.co/H5r0ECrGEn #Linux #Samba #CVE #Vulnerability #vCISO #POC #CyberSecurity
@vcisocloud
23 Nov 2025
4 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
POC CVE-2025-10230 - Samba WINS Hook Command Injection https://t.co/H5r0ECsetV https://t.co/HOeCYujlQN
@vcisocloud
23 Nov 2025
1 Impression
0 Retweets
0 Likes
0 Bookmarks
1 Reply
0 Quotes
#VulnerabilityReport #activedirectory Critical Samba RCE Flaw CVE-2025-10230 (CVSS 10.0) Allows Unauthenticated Command Injection on AD DCs https://t.co/EpYDuDODH6
@Komodosec
22 Nov 2025
42 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
CVE-2025-10230: OS Command Injection in Samba, 10.0 rating 🔥🔥🔥 An October vuln in the popular Samba AD package allows attackers to execute commands on a server by sending just one specially crafted packet. Search at https://t.co/hv7QKSqxTR: 👉 Link: https://t.co/5Sbl
@Netlas_io
14 Nov 2025
864 Impressions
4 Retweets
15 Likes
4 Bookmarks
0 Replies
2 Quotes
Samba - CVE-2025-10230 https://t.co/ZZq4uOm9sz
@Mas73r
14 Nov 2025
22 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
CVE-2025-10230: Samba WINS handler command injection (CVSS 10.0). NetBIOS names passed unsanitized to shell = RCE on any Samba server. Legacy file sharing infrastructure needs immediate patching. Patch: https://t.co/2HxIhHTUgq
@gothburz
12 Nov 2025
474 Impressions
0 Retweets
6 Likes
3 Bookmarks
0 Replies
0 Quotes
CVE-2025-10230: Samba WINS hook RCE (CVSS 10.0). Unsanitized NetBIOS names from WINS registration packets passed to shell without escaping. Unauthenticated network attacker achieves RCE as Samba process on Active Directory Domain Controllers. Affects Samba versions before 4.21.9,
@gothburz
12 Nov 2025
9576 Impressions
18 Retweets
67 Likes
31 Bookmarks
4 Replies
2 Quotes
🇺🇸🇬🇧🎧🛡️ RadioCSIRT English Edition — Your Cybersecurity Update for Sunday, November 9, 2025 (Ep. 480) ⚡️ Welcome to your weekend cybersecurity briefing 🕵️♂️🔥 🐧 Samba — Remote Command Execution (CVE-2025-10230) A critical vulnerabi
@marcfredericgo
9 Nov 2025
62 Impressions
0 Retweets
1 Like
0 Bookmarks
0 Replies
0 Quotes
ooooooooh 🟥 CVE-2025-10230, CVSS: 10.0 (#Critical) Samba New CVE reported for a critical vulnerability in WINS hook handling. Unsanitized NetBIOS names from registration packets can lead to remote command execution by unauthenticated attackers. #CyberSecurity #CVE https:
@UjlakiMarci
8 Nov 2025
83 Impressions
0 Retweets
2 Likes
0 Bookmarks
2 Replies
0 Quotes
[CVE-2025-10230: CRITICAL] Critical flaw in Samba's WINS hook handling allows remote command execution by passing unsanitized data from registration packets to a shell. Vulnerable to network attackers.#cve,CVE-2025-10230,#cybersecurity https://t.co/aVo6RrDShf https://t.co/MzRxdx6
@CveFindCom
8 Nov 2025
53 Impressions
0 Retweets
1 Like
0 Bookmarks
0 Replies
0 Quotes
🚨 CVE-2025-10230: CRITICAL Samba flaw (CVSS 10). Unauthenticated attackers can execute remote commands via NetBIOS names—Active Directory at risk! Patch ASAP or restrict access. https://t.co/jspume7Duf #OffSeq... https://t.co/EkTYf1KhjB
@offseq
8 Nov 2025
56 Impressions
0 Retweets
1 Like
1 Bookmark
0 Replies
0 Quotes
CVE-2025-10230 describes a critical security flaw in Samba—a widely used open-source software suite that provides seamless file and print services to SMB/CIFS clients. The vulnerability specifically affects the front-end WINS hook handling code, which processes NetBIOS name
@CveTodo
7 Nov 2025
22 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
CVE-2025-10230 A flaw was found in Samba, in the front-end WINS hook handling: NetBIOS names from registration packets are passed to a shell without proper validation or escaping. U… https://t.co/qg1SQBBTKf
@CVEnew
7 Nov 2025
322 Impressions
0 Retweets
2 Likes
0 Bookmarks
0 Replies
0 Quotes
At AISLE @WeAreAisle we've surfaced & reported a ❗critical severity❗ vulnerability in Samba with the "perfect" 10.0 / 10.0 CVSS rating. ✨ CVE-2025-10230 ✨ Hidden for 13 years in production code. Samba is central to Windows/Linux cross-platform infra. Blog post belo
@stanislavfort
7 Nov 2025
989 Impressions
1 Retweet
16 Likes
1 Bookmark
4 Replies
0 Quotes
Samba RCE vulnerability CVE-2025-10230 fixed: a concern when used as an Active Directory DC https://t.co/joFw7Bt1dg The cause of this Samba vulnerability is insufficient validation in the WINS hook. With WINS support enabled on an AD DC, and with the wins hook in smb.conf
@iototsecnews
27 Oct 2025
40 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
🚨We are warning about a critical vulnerability in Samba, CVE-2025-10230. The vulnerability allows arbitrary commands to be executed on the host. If the Samba server has WINS support enabled (it is disabled by default) and the "wins hook" parameter is set in it, the progra
@GOVCERT_CZ
17 Oct 2025
473 Impressions
3 Retweets
2 Likes
1 Bookmark
0 Replies
0 Quotes
⚠️⚠️ CVE-2025-10230(CVSS 10.0): Command Injection and RCE in Samba Samba AD DC with wins support=yes and a wins hook allows remote, unauthenticated command execution via malicious NetBIOS names. 🎯2.3m+ Results are found on the https://t.co/pb16tGYaKe nearly year. 🔗F
@fofabot
17 Oct 2025
2490 Impressions
11 Retweets
48 Likes
30 Bookmarks
0 Replies
0 Quotes
🚨Alert🚨:CVE-2025-10230 (CVSS 10.0) : Critical Samba RCE Flaw Allows Unauthenticated Command Injection on AD DCs 📊5.5K+ Services are found on the https://t.co/ysWb28BTvF yearly. 🔗Hunter Link:https://t.co/XY0uzhmP0v 👇Query HUNTER : https://t.co/q9rtuGfZuz="Sambar Ser
@HunterMapping
17 Oct 2025
3541 Impressions
26 Retweets
71 Likes
34 Bookmarks
0 Replies
0 Quotes
Samba critical CVE-2025-10230: Command injection via WINS server hook script https://t.co/h0Bgdki3Z9
@Dinosn
16 Oct 2025
1683 Impressions
1 Retweet
3 Likes
4 Bookmarks
0 Replies
0 Quotes
🚨🚨CVE-2025-10230 (CVSS 10): Critical Samba RCE Flaw Unauthenticated RCE in Samba AD DCs: improper input sanitization in the WINS server lets attackers inject commands via "wins hook". ZoomEye Dork👉banner="Samba" Over 265.8k vulnerable instances. ZoomEye Link: https://t.
@zoomeye_team
16 Oct 2025
13864 Impressions
58 Retweets
187 Likes
92 Bookmarks
3 Replies
1 Quote
📝 Critical Samba RCE Flaw CVE-2025-10230 Allows Unauthenticated Command Inject
@PurpleOps_io
16 Oct 2025
87 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
csirt_it: #Samba #RCE: security updates fix 2 vulnerabilities, one of them of “critical” severity - CVE-2025-10230 - in the wins hook mechanism Risk: 🟠 Type: 🔸 Remote Code Execution 🔗https://t.co/P3RAeYrhJl 🔄 Updates availab… https://
@Vulcanux_
16 Oct 2025
62 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
🚨 BREAKING: Severe Samba RCE vulnerability CVE-2025-10230 threatens global Active Directory Domain Controllers. Urgent action required to mitigate risks. https://t.co/teprTrBkVN #CyberSecurity #OSINT
@STRATINT_AI
16 Oct 2025
30 Impressions
0 Retweets
1 Like
0 Bookmarks
0 Replies
0 Quotes
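Samba has a vulnerability with a CVSS score of 10. CVE-2025-10230 allows command injection when the WINS server is enabled on an AD DC and the wins hook setting is enabled. A fixed version is available. https://t.co/h6mM3xh8uZ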
@__kokumoto
16 Oct 2025
2837 Impressions
20 Retweets
28 Likes
12 Bookmarks
0 Replies
2 Quotes
you might be like, wtf runs wins enabled samba in '25 - the real question you should be asking is wtf do you run a multi-process, multi-user (unauth'd) system that allows 10.0 cmd injection in '25 - run nanos unikernels - CVE-2025-10230 https://t.co/gxbvbjtxrg
@nanovms
16 Oct 2025
810 Impressions
0 Retweets
8 Likes
1 Bookmark
0 Replies
0 Quotes