CVE-2025-0620

A flaw was found in Samba. The smbd service daemon does not pick up group membership changes when re-authenticating an expired SMB session. This issue can expose file shares until clients disconnect and then connect again.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
6.6 MEDIUM
NETWORK
HIGH
HIGH
CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H
redhatCNA
6.6 MEDIUM
NETWORK
HIGH
HIGH
CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H
CVEADP
---
---
CISA-ADPADP
---
---
Base Score
CVSS 3.x
EPSS Score
Percentile: 15%
VendorProductVersion
sambasamba
4.21.0 ≤
𝑥
< 4.21.6
sambasamba
4.22.0 ≤
𝑥
< 4.22.2
𝑥
= Vulnerable software versions
Debian logo
Debian Releases
Debian Product
Codename
samba
bullseye
2:4.13.13+dfsg-1~deb11u6
not-affected
bookworm
2:4.17.12+dfsg-0+deb12u2
not-affected
bullseye (security)
2:4.13.13+dfsg-1~deb11u7
fixed
bookworm (security)
2:4.17.12+dfsg-0+deb12u1
fixed
trixie
2:4.22.6+dfsg-0+deb13u1
fixed
forky
2:4.23.3+dfsg-1
fixed
sid
2:4.23.3+dfsg-1
fixed
Ubuntu logo
Ubuntu Releases
Ubuntu Product
Codename
samba
plucky
Fixed 2:4.21.4+dfsg-1ubuntu3.1
released
oracular
not-affected
noble
not-affected
jammy
not-affected
focal
not-affected
bionic
not-affected
xenial
not-affected
trusty
not-affected
Common Weakness Enumeration
References
https://access.redhat.com/security/cve/CVE-2025-0620
https://bugzilla.redhat.com/show_bug.cgi?id=2370453
https://www.samba.org/samba/security/CVE-2025-0620.html
http://www.openwall.com/lists/oss-security/2025/06/03/8