CyberAlerts is shutting down on June 30th, 2025. Thank you for your support!

CVE-2025-0620: Samba: smbd doesn't pick up group membership changes when re-authenticating an expired smb session

6.6 CVSS

Description

A flaw was found in Samba. The smbd service daemon does not pick up group membership changes when re-authenticating an expired SMB session. This issue can expose file shares until clients disconnect and then connect again.

Classification

CVE ID: CVE-2025-0620

CVSS Base Severity: MEDIUM

CVSS Base Score: 6.6

CVSS Vector: CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H

Problem Types

Files or Directories Accessible to External Parties

Affected Products

Vendor: , Red Hat

Product: , Red Hat Enterprise Linux 10, Red Hat Enterprise Linux 6, Red Hat Enterprise Linux 7, Red Hat Enterprise Linux 8, Red Hat Enterprise Linux 9, Red Hat OpenShift Container Platform 4

Exploit Prediction Scoring System (EPSS)

EPSS Score: 0.05% (probability of being exploited)

EPSS Percentile: 16.41% (scored less or equal to compared to others)

EPSS Date: 2025-06-27 (when was this score calculated)

Stakeholder-Specific Vulnerability Categorization (SSVC)

SSVC Exploitation: none

SSVC Technical Impact: total

SSVC Automatable: false

References

https://nvd.nist.gov/vuln/detail/CVE-2025-0620
https://access.redhat.com/security/cve/CVE-2025-0620
https://bugzilla.redhat.com/show_bug.cgi?id=2370453
https://www.samba.org/samba/security/CVE-2025-0620.html

Timeline

2025-06-06 14:40:22 UTC
CVE

Samba: smbd doesn't pick up group membership changes when re-authenticating an expired smb session