CVE-2025-0620 | THREATINT

Description

A flaw was found in Samba. The smbd service daemon does not pick up group membership changes when re-authenticating an expired SMB session. This issue can expose file shares until clients disconnect and then connect again.

PUBLISHED Reserved 2025-01-21 | Published 2025-06-06 | Updated 2026-03-18 | Assigner redhat

MEDIUM: 4.9CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N

Problem types

Files or Directories Accessible to External Parties

Product status

Default status

unaffected

4.21.0 (semver) before 4.21.6

affected

Default status

affected

Default status

unaffected

Default status

unaffected

Default status

unaffected

Default status

unaffected

Default status

affected

Default status

unaffected

Timeline

2025-06-05:	Reported to Red Hat.
2024-06-03:	Made public.

References

www.openwall.com/lists/oss-security/2025/06/03/8

access.redhat.com/security/cve/CVE-2025-0620 vdb-entry

bugzilla.redhat.com/show_bug.cgi?id=2370453 (RHBZ#2370453) issue-tracking

www.samba.org/samba/security/CVE-2025-0620.html

cve.org (CVE-2025-0620)

nvd.nist.gov (CVE-2025-0620)

Download JSON