Arch Linux: ASA-202506-3 CVE-2025-0620 low: samba access issue
Jun 13, 2025
•
LinuxSecurity Advisories
1 min read
Topics Covered
The package samba before version 4.22.2-1 is vulnerable to access restriction bypass.
Arch Linux Security Advisory ASA-202506-3 ========================================= Severity: Low Date : 2025-06-06 CVE-ID : CVE-2025-0620 Package : samba Type : access restriction bypass Remote : Yes Link : https://security.archlinux.org/AVG-2892 Summary ======= The package samba before version 4.22.2-1 is vulnerable to access restriction bypass. Resolution ========== Upgrade to 4.22.2-1. # pacman -Syu "samba>=4.22.2-1" The problem has been fixed upstream in version 4.22.2. Workaround ========== None. Description =========== When using Kerberos authentication with SMB, smbd doesn't pick up group membership changes when re-authenticating an expired SMB session. Impact ====== A remote authenticated attacker may retain unintended access to file shares in Samba. References ========== https://nvd.nist.gov/vuln/detail/CVE-2025-0620 https://security.archlinux.org/CVE-2025-0620
PREVIOUS
NEXT
Powered By
Linux Security - Your source for Top Linux News, Advisories, HOWTOs and Feature Releases
QUICK LINKS
subscribe to newsletters!
Like staying secure? So do we.
Sign up for updates, tips, and alerts!