CVE-2025-66002 :: Enginsight Vulnerability Database

Provider	Type	Base Score	Atk. Vector	Atk. Complexity	Priv. Required	Vector
NIST	Primary	UNKNOWN				---

Awaiting analysis

This vulnerability is currently awaiting analysis.

Base Score

CVSS 3.x

EPSS Score

Percentile: 7%

Debian Releases

Debian Product

Codename

smb4k

bookworm	vulnerable
bullseye	vulnerable
forky	4.0.6-1 fixed
sid	4.0.6-1 fixed
trixie	4.0.0-1+deb13u1 fixed
trixie (security)	4.0.0-1+deb13u1 fixed

Ubuntu Releases

Ubuntu Product

Codename

smb4k

bionic	needs-triage
focal	needs-triage
jammy	needs-triage
noble	needs-triage
plucky	ignored
questing	needs-triage
xenial	needs-triage

Common Weakness Enumeration

CWE-88 - Improper Neutralization of Argument Delimiters in a Command ('Argument Injection')
The software constructs a string for a command to executed by a separate component in another control sphere, but it does not properly delimit the intended arguments, options, or switches within that command string.

References

https://bugzilla.suse.com/show_bug.cgi?id=CVE-2025-66002

https://security.opensuse.org/2025/12/10/smb4k-major-issues-in-kauth-helper.html