Import Source
https://github.com/microsoft/AzureLinuxVulnerabilityData/blob/main/osv/AZL-69782.json
JSON Data
https://api.osv.dev/v1/vulns/AZL-69782
Upstream
  • CVE-2025-10230
Published
2025-11-07T20:15:35Z
Modified
2026-04-21T04:36:14.331972Z
Summary
CVE-2025-10230 affecting package samba 4.12.5-7
Details

A flaw was found in Samba, in the front-end WINS hook handling: NetBIOS names from registration packets are passed to a shell without proper validation or escaping. Unsanitized NetBIOS name data from WINS registration packets are inserted into a shell command and executed by the Samba Active Directory Domain Controller’s wins hook, allowing an unauthenticated network attacker to achieve remote command execution as the Samba process.

References

Affected packages

Azure Linux:2 / samba

Package

Name
samba
Purl
pkg:rpm/azure-linux/samba

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0 (Unknown introduced version / All previous versions are affected)
Last affected
4.12.5-7

Database specific

source
"https://github.com/microsoft/AzureLinuxVulnerabilityData/blob/main/osv/AZL-69782.json"