Jump to the main content block
  1. Home
  2. Information Security
  3. Vulnerability Alert

【Vulnerability Alert】A high-risk security vulnerability (CVE-2025-10230) has been identified in Samba. Please verify and apply the necessary patches as soon as possible.

publish date : 2025-11-14 update date : 2025-11-14

Source: Ministry of education information & communication security contingency platform

"" "" ""

Publication Number TACERT-ANA-2025111103112828 Publication Time 2025/11/11 15:16
Incident Type ANA-Vulnerability Alert Discovery Time 2025/11/11 15:16
Impact Level Medium  
[Subject]
【Vulnerability Alert】A high-risk security vulnerability (CVE-2025-10230) has been identified in Samba. Please verify and apply the necessary patches as soon as possible.
[Content]
Forwarded from the National Institute of Cyber Security NISAC-200-202511-00000079

Researchers have discovered an operating system command injection (OS Command Injection) vulnerability (CVE-2025-10230) in Samba. If a user deploys a Samba AD Domain Controller server and enables WINS protocol support, a remote attacker without authentication can inject arbitrary operating system commands and execute them on the Samba server.

Information Sharing Level: WHITE (Information content can be publicly disclosed)

[Affected Platform]
Samba versions prior to 4.21.9 (exclusive)

Samba versions 4.22.0 through 4.22.5 (exclusive)

Samba versions 4.23.0 through 4.23.2 (exclusive)

[Recommended Actions]
The vendor has released security updates to address this vulnerability. Please refer to the official documentation for update instructions at the following URL:

https://www.samba.org/samba/history/security.html

[Reference]
1. https://nvd.nist.gov/vuln/detail/CVE-2025-10230

2. https://www.samba.org/samba/security/CVE-2025-10230.html

3. https://www.samba.org/samba/history/security.html
(This notification is for informational purposes only and does not constitute a cybersecurity incident).
If you have questions or suggestions regarding this notification, please feel free to contact us.
Ministry of education information & communication security contingency platform
Website: https://info.cert.tanet.edu.tw/
Phone: +886-7-5250211
Internet Phone: 98400000
E-Mail: service@cert.tanet.edu.tw
Organizer: Computer Center
Click Num:
Print