Main Vulnerability Database SB2025102125

SB2025102125 - SUSE update for samba

Published: October 21, 2025 Updated: October 24, 2025

Security Bulletin ID SB2025102125

Severity

High

Patch available

YES

Number of vulnerabilities 2

Exploitation vector Remote access

Highest impact Code execution

Breakdown by Severity

Low
Medium
High
Critical

Description

This security bulletin contains information about 2 secuirty vulnerabilities.

1) OS Command Injection (CVE-ID: CVE-2025-10230)

The vulnerability allows a remote attacker to execute arbitrary shell commands on the target system.

The vulnerability exists due to improper input validation in WINS server. A remote attacker can send a specially crafted hostname to the server containing shell commands and execute arbitrary OS commands on the target system.

2) Out-of-bounds read (CVE-ID: CVE-2025-9640)

The vulnerability allows a remote user to gain access to potentially sensitive information.

The vulnerability exists due to a boundary condition. A remote user can trigger an out-of-bounds read error and read contents of memory on the system.

Remediation

Install update from vendor's website.

References

https://www.suse.com/support/update/announcement/2025/suse-su-20253677-1/

Vulnerable Software

SUSE Enterprise Server 15 SP3 Business Critical: Linux
SUSE Linux Enterprise Server 15 SP3: LTSS
SUSE Linux Enterprise Micro for Rancher: 5.2
SUSE Linux Enterprise High Availability Extension 15: SP3
SUSE Linux Enterprise Server for SAP Applications 15: SP3
SUSE Linux Enterprise Server 15: SP3
SUSE Linux Enterprise High Performance Computing LTSS 15: SP3
SUSE Linux Enterprise High Performance Computing 15: SP3
SUSE Enterprise Storage: 7.1
SUSE Manager Retail Branch Server: 4.2
SUSE Linux Enterprise Micro: 5.2
openSUSE Leap: 15.3
SUSE Manager Server: 4.2
SUSE Manager Proxy: 4.2
samba-libs-python3-64bit-debuginfo: before 4.15.13+git.736.b791be993ba-150300.3.96.1
samba-client-libs-64bit-debuginfo: before 4.15.13+git.736.b791be993ba-150300.3.96.1
samba-libs-64bit-debuginfo: before 4.15.13+git.736.b791be993ba-150300.3.96.1
libsamba-policy0-python3-64bit: before 4.15.13+git.736.b791be993ba-150300.3.96.1
samba-libs-python3-64bit: before 4.15.13+git.736.b791be993ba-150300.3.96.1
samba-client-libs-64bit: before 4.15.13+git.736.b791be993ba-150300.3.96.1
samba-devel-64bit: before 4.15.13+git.736.b791be993ba-150300.3.96.1
samba-winbind-libs-64bit: before 4.15.13+git.736.b791be993ba-150300.3.96.1
samba-client-64bit-debuginfo: before 4.15.13+git.736.b791be993ba-150300.3.96.1
samba-ad-dc-libs-64bit-debuginfo: before 4.15.13+git.736.b791be993ba-150300.3.96.1
samba-libs-64bit: before 4.15.13+git.736.b791be993ba-150300.3.96.1
libsamba-policy0-python3-64bit-debuginfo: before 4.15.13+git.736.b791be993ba-150300.3.96.1
samba-ad-dc-libs-64bit: before 4.15.13+git.736.b791be993ba-150300.3.96.1
samba-winbind-libs-64bit-debuginfo: before 4.15.13+git.736.b791be993ba-150300.3.96.1
samba-client-64bit: before 4.15.13+git.736.b791be993ba-150300.3.96.1
samba-ceph-debuginfo: before 4.15.13+git.736.b791be993ba-150300.3.96.1
samba-ceph: before 4.15.13+git.736.b791be993ba-150300.3.96.1
samba-doc: before 4.15.13+git.736.b791be993ba-150300.3.96.1
samba-client-32bit: before 4.15.13+git.736.b791be993ba-150300.3.96.1
samba-libs-32bit-debuginfo: before 4.15.13+git.736.b791be993ba-150300.3.96.1
samba-client-32bit-debuginfo: before 4.15.13+git.736.b791be993ba-150300.3.96.1
samba-libs-32bit: before 4.15.13+git.736.b791be993ba-150300.3.96.1
libsamba-policy0-python3-32bit: before 4.15.13+git.736.b791be993ba-150300.3.96.1
samba-libs-python3-32bit-debuginfo: before 4.15.13+git.736.b791be993ba-150300.3.96.1
samba-winbind-libs-32bit: before 4.15.13+git.736.b791be993ba-150300.3.96.1
samba-libs-python3-32bit: before 4.15.13+git.736.b791be993ba-150300.3.96.1
samba-devel-32bit: before 4.15.13+git.736.b791be993ba-150300.3.96.1
libsamba-policy0-python3-32bit-debuginfo: before 4.15.13+git.736.b791be993ba-150300.3.96.1
samba-ad-dc-libs-32bit-debuginfo: before 4.15.13+git.736.b791be993ba-150300.3.96.1
samba-client-libs-32bit-debuginfo: before 4.15.13+git.736.b791be993ba-150300.3.96.1
samba-ad-dc-libs-32bit: before 4.15.13+git.736.b791be993ba-150300.3.96.1
samba-client-libs-32bit: before 4.15.13+git.736.b791be993ba-150300.3.96.1
samba-winbind-libs-32bit-debuginfo: before 4.15.13+git.736.b791be993ba-150300.3.96.1
samba-ldb-ldap: before 4.15.13+git.736.b791be993ba-150300.3.96.1
samba: before 4.15.13+git.736.b791be993ba-150300.3.96.1
ctdb: before 4.15.13+git.736.b791be993ba-150300.3.96.1
samba-gpupdate: before 4.15.13+git.736.b791be993ba-150300.3.96.1
libsamba-policy-python3-devel: before 4.15.13+git.736.b791be993ba-150300.3.96.1
samba-libs-python3: before 4.15.13+git.736.b791be993ba-150300.3.96.1
ctdb-debuginfo: before 4.15.13+git.736.b791be993ba-150300.3.96.1
samba-libs-python3-debuginfo: before 4.15.13+git.736.b791be993ba-150300.3.96.1
samba-winbind-libs: before 4.15.13+git.736.b791be993ba-150300.3.96.1
samba-devel: before 4.15.13+git.736.b791be993ba-150300.3.96.1
samba-dsdb-modules-debuginfo: before 4.15.13+git.736.b791be993ba-150300.3.96.1
samba-ad-dc-debuginfo: before 4.15.13+git.736.b791be993ba-150300.3.96.1
ctdb-pcp-pmda-debuginfo: before 4.15.13+git.736.b791be993ba-150300.3.96.1
samba-ad-dc-libs-debuginfo: before 4.15.13+git.736.b791be993ba-150300.3.96.1
samba-client-debuginfo: before 4.15.13+git.736.b791be993ba-150300.3.96.1
samba-client: before 4.15.13+git.736.b791be993ba-150300.3.96.1
samba-winbind-libs-debuginfo: before 4.15.13+git.736.b791be993ba-150300.3.96.1
samba-winbind: before 4.15.13+git.736.b791be993ba-150300.3.96.1
libsamba-policy0-python3-debuginfo: before 4.15.13+git.736.b791be993ba-150300.3.96.1
samba-test: before 4.15.13+git.736.b791be993ba-150300.3.96.1
samba-tool: before 4.15.13+git.736.b791be993ba-150300.3.96.1
libsamba-policy0-python3: before 4.15.13+git.736.b791be993ba-150300.3.96.1
samba-client-libs-debuginfo: before 4.15.13+git.736.b791be993ba-150300.3.96.1
libsamba-policy-devel: before 4.15.13+git.736.b791be993ba-150300.3.96.1
ctdb-pcp-pmda: before 4.15.13+git.736.b791be993ba-150300.3.96.1
samba-libs-debuginfo: before 4.15.13+git.736.b791be993ba-150300.3.96.1
samba-client-libs: before 4.15.13+git.736.b791be993ba-150300.3.96.1
samba-ad-dc-libs: before 4.15.13+git.736.b791be993ba-150300.3.96.1
samba-winbind-debuginfo: before 4.15.13+git.736.b791be993ba-150300.3.96.1
samba-python3-debuginfo: before 4.15.13+git.736.b791be993ba-150300.3.96.1
samba-libs: before 4.15.13+git.736.b791be993ba-150300.3.96.1
samba-ldb-ldap-debuginfo: before 4.15.13+git.736.b791be993ba-150300.3.96.1
samba-dsdb-modules: before 4.15.13+git.736.b791be993ba-150300.3.96.1
samba-test-debuginfo: before 4.15.13+git.736.b791be993ba-150300.3.96.1
samba-debugsource: before 4.15.13+git.736.b791be993ba-150300.3.96.1
samba-ad-dc: before 4.15.13+git.736.b791be993ba-150300.3.96.1
samba-debuginfo: before 4.15.13+git.736.b791be993ba-150300.3.96.1
samba-python3: before 4.15.13+git.736.b791be993ba-150300.3.96.1