{"uuid": "d633aeae-fa6e-42b0-ac0b-61653410f5d5", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-10230", "type": "seen", "source": "https://gist.github.com/alon710/8fec98ec60edfce9ac0dc84c5b16db44", "content": "# CVE-2025-10230: Samba Active Directory Domain Controller WINS Server Hook Command Injection\n\n> **CVSS Score:** 10.0\n> **Published:** 2025-11-07\n> **Full Report:** https://cvereports.com/reports/CVE-2025-10230\n\n## Summary\nA critical OS command injection vulnerability exists in Samba's Windows Internet Name Service (WINS) server implementation when configured to run as an Active Directory Domain Controller (AD DC). Unsanitized NetBIOS name data extracted from WINS registration packets is directly concatenated into a shell command invocation and executed via Samba's wins hook parameter.\n\n## TL;DR\nUnauthenticated remote command execution via crafted NetBIOS Name Service packets exploiting unsanitized input in Samba's WINS hook shell invocation.\n\n## Exploit Status: POC\n\n## Technical Details\n\n- **CWE ID**: CWE-78\n- **Attack Vector**: Network (UDP 137)\n- **CVSS Score**: 10.0\n- **EPSS Score**: 0.00378\n- **Impact**: Unauthenticated Remote Code Execution\n- **Exploit Status**: Functional PoC available\n- **KEV Status**: Not currently listed\n\n## Affected Systems\n\n- Samba (Branch 4.21, 4.22, 4.23) configured as WINS server\n- Red Hat Enterprise Linux 8, 9, 10\n- Fedora 41, 42\n- **Samba**: < 4.21.9 (Fixed in: `4.21.9`)\n- **Samba**: >= 4.22.0, < 4.22.5 (Fixed in: `4.22.5`)\n- **Samba**: >= 4.23.0, < 4.23.2 (Fixed in: `4.23.2`)\n\n## Mitigation\n\n- Disable WINS support in smb.conf\n- Disable wins hook in smb.conf\n- Apply official security updates\n\n**Remediation Steps:**\n1. Locate smb.conf configuration file.\n2. Remove or comment out the 'wins hook' directive.\n3. Set 'wins support = no' in the global section if legacy resolution is not required.\n4. Restart the samba and nmbd services to apply updates.\n\n## References\n\n- [Red Hat CVE Portal for CVE-2025-10230](https://access.redhat.com/security/cve/CVE-2025-10230)\n- [Red Hat Bugzilla Bug 2394377](https://bugzilla.redhat.com/show_bug.cgi?id=2394377)\n- [Vicarius VSociety Detection Advisory](https://www.vicarius.io/vsociety/posts/cve-2025-10230-detect-samba-vulnerability)\n- [Vicarius VSociety Mitigation Advisory](https://www.vicarius.io/vsociety/posts/cve-2025-10230-mitigate-samba-vulnerability)\n\n\n---\n*Generated by [CVEReports](https://cvereports.com/reports/CVE-2025-10230) - Automated Vulnerability Intelligence*", "creation_timestamp": "2026-06-03T12:51:13.000000Z"}