CVE-2025-66003

EUVD-2026-1571
An External Control of File Name or Path vulnerability in smb4k allowsl ocal users to perform a local root exploit via smb4k mounthelper if they can access and control the contents of a Samba shareThis issue affects smb4k: from ? before 4.0.5.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
UNKNOWN
---
Awaiting analysis
This vulnerability is currently awaiting analysis.
Base Score
CVSS 3.x
EPSS Score
Percentile: 4%
Debian logo
Debian Releases
Debian Product
Codename
smb4k
bookworm
vulnerable
bullseye
vulnerable
forky
4.0.6-1
fixed
sid
4.0.6-1
fixed
trixie
4.0.0-1+deb13u1
fixed
trixie (security)
4.0.0-1+deb13u1
fixed
Ubuntu logo
Ubuntu Releases
Ubuntu Product
Codename
smb4k
bionic
needs-triage
focal
needs-triage
jammy
needs-triage
noble
needs-triage
plucky
ignored
questing
needs-triage
xenial
needs-triage
Common Weakness Enumeration
References
https://bugzilla.suse.com/show_bug.cgi?id=CVE-2025-66003
https://security.opensuse.org/2025/12/10/smb4k-major-issues-in-kauth-helper.html