CVE-2025-10230: CVE-2025-10230: Samba Active Directory Domain Controller WINS Server Hook Command Injection

#security #cve #cybersecurity

CVE-2025-10230: Samba Active Directory Domain Controller WINS Server Hook Command Injection

Vulnerability ID: CVE-2025-10230
CVSS Score: 10.0
Published: 2025-11-07

A critical OS command injection vulnerability exists in Samba's Windows Internet Name Service (WINS) server implementation when configured to run as an Active Directory Domain Controller (AD DC). Unsanitized NetBIOS name data extracted from WINS registration packets is directly concatenated into a shell command invocation and executed via Samba's wins hook parameter.

TL;DR

Unauthenticated remote command execution via crafted NetBIOS Name Service packets exploiting unsanitized input in Samba's WINS hook shell invocation.

⚠️ Exploit Status: POC

Technical Details

CWE ID: CWE-78
Attack Vector: Network (UDP 137)
CVSS Score: 10.0
EPSS Score: 0.00378
Impact: Unauthenticated Remote Code Execution
Exploit Status: Functional PoC available
KEV Status: Not currently listed

Affected Systems

Samba (Branch 4.21, 4.22, 4.23) configured as WINS server
Red Hat Enterprise Linux 8, 9, 10
Fedora 41, 42
Samba: < 4.21.9 (Fixed in: 4.21.9)
Samba: >= 4.22.0, < 4.22.5 (Fixed in: 4.22.5)
Samba: >= 4.23.0, < 4.23.2 (Fixed in: 4.23.2)

Exploit Details

GitHub: Functional Python Proof-of-Concept exploit script for CVE-2025-10230
GitHub: Secondary Proof-of-Concept repository for vulnerability validation

Mitigation Strategies

Disable WINS support in smb.conf
Disable wins hook in smb.conf
Apply official security updates

Remediation Steps:

Locate smb.conf configuration file.
Remove or comment out the 'wins hook' directive.
Set 'wins support = no' in the global section if legacy resolution is not required.
Restart the samba and nmbd services to apply updates.

References

Read the full report for CVE-2025-10230 on our website for more details including interactive diagrams and full exploit analysis.

DEV Community