
SUSE: Samba Critical Command Injection Fix Advisory 2025:21005-1

November 26, 2025
SUSE announced a critical update for Samba addressing multiple security flaws, advising immediate installation via zypper.

Summary

This update for samba fixes the following issues:

Update to 4.22.5:

* CVE-2025-10230: Command injection via WINS server hook script (bsc#1251280).

* CVE-2025-9640: Uninitialized memory disclosure via vfs_streams_xattr (bsc#1251279).

* Relax the samba-gpupdate requirement for cepces, certmonger, and sscep to a recommends. They are only required when using certificate auto enrollment (bsc#1249087).

* Disable timeouts for smb.service so that a possibly slow-running ExecStartPre script 'update-samba-security-profile' doesn't cause service start to fail due to timeouts (bsc#1249181).

* Ensure semanage is pulled in as a requirement when samba is installed and SELinux is the security access mechanism in use (bsc#1249180).

* Don't attempt to label paths that don't exist, also remove unnecessary

References

* bsc#1249087

* bsc#1249179

* bsc#1249180

* bsc#1249181

* bsc#1251279

* bsc#1251280

Cross-References

* CVE-2025-10230

* CVE-2025-9640

CVSS scores:

* CVE-2025-10230 ( SUSE ): 10.0 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H

* CVE-2025-10230 ( NVD ): 10.0 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H

* CVE-2025-9640 ( SUSE ): 4.3 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N

* CVE-2025-9640 ( NVD ): 4.3 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N

Affected Products:

* SUSE Linux Enterprise Server 16.0

* SUSE Linux Enterprise Server for SAP Applications 16.0

An update that solves two vulnerabilities and has four fixes can now be installed.


* https://www.suse.com/security/cve/CVE-2025-10230.html

* https://www.suse.com/security/cve/CVE-2025-9640.html

Severity: critical

Announcement ID: SUSE-SU-2025:21005-1
Release Date: 2025-11-18T23:14:26Z
Rating: critical
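
A triage check for hosts covered by this advisory, as an added example that is not part of the SUSE advisory or of Samba's code: it reads `smb.conf` for a configured `wins hook` (the feature named in CVE-2025-10230) and compares a version string against the 4.22.5 release named above. The function names, the sample config and its paths are constructed for illustration.

```shell
#!/bin/sh
# Added example, not SUSE or Samba code. Names and sample values are constructed.
FIXED_VERSION="4.22.5"   # from "Update to 4.22.5" in the advisory

# Print a [global] smb.conf parameter. Samba ignores case and whitespace in
# parameter names, so "wins hook", "WINS Hook" and "winshook" are the same.
smbconf_get() {  # usage: smbconf_get FILE "param name"
    want=$(printf '%s' "$2" | tr -d ' \t' | tr '[:upper:]' '[:lower:]')
    awk -v want="$want" '
        /^[ \t]*[#;]/ { next }                        # comment line
        /^[ \t]*\[/   { s = tolower($0); gsub(/[ \t]/, "", s)
                        in_global = (s == "[global]"); next }
        in_global && index($0, "=") {
            name = tolower(substr($0, 1, index($0, "=") - 1))
            gsub(/[ \t]/, "", name)
            val = substr($0, index($0, "=") + 1)
            gsub(/^[ \t]+|[ \t]+$/, "", val)
            if (name == want) found = val             # keep the last match
        }
        END { print found }' "$1"
}

# True (0) when VERSION sorts before the fixed release (needs GNU sort -V).
samba_needs_update() {
    [ "$1" != "$FIXED_VERSION" ] &&
    [ "$(printf '%s\n%s\n' "$1" "$FIXED_VERSION" | sort -V | head -n1)" = "$1" ]
}

# True (0) when a WINS hook command is set; prints it for review.
wins_hook_configured() {
    hook=$(smbconf_get "$1" "wins hook")
    [ -n "$hook" ] && printf 'wins hook = %s\n' "$hook"
}

# Write a constructed sample smb.conf to the given path.
make_sample_conf() {
    cat > "$1" <<'EOF'
[global]
   workgroup = EXAMPLE
   ; wins hook = /commented/out
   Wins  Hook = /usr/local/sbin/wins-update.sh
[share]
   path = /srv/share
EOF
}
```

On a live host, `testparm -s --parameter-name='wins hook'` reports the value Samba itself resolves, including any included files that this parser does not follow.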
