CVE-2025-9640

Description

A flaw was found in Samba, in the vfs_streams_xattr module, where uninitialized heap memory could be written into alternate data streams. This allows an authenticated user to read residual memory content that may include sensitive data, resulting in an information disclosure vulnerability.

PUBLISHED Reserved 2025-08-29 | Published 2025-10-15 | Updated 2025-10-15 | Assigner redhat

Product status

Timeline

References

access.redhat.com/security/cve/CVE-2025-9640 vdb-entry

bugzilla.redhat.com/show_bug.cgi?id=2391698 (RHBZ#2391698) issue-tracking

www.samba.org/samba/history/security.html

cve.org (CVE-2025-9640)

nvd.nist.gov (CVE-2025-9640)

Download JSON