PT-2025-23682 · Samba+3

Ralph Boehme · Published 2025-06-03 · Updated 2025-11-18 · CVE-2025-0620

CVSS v3.1: 4.9 (Medium)

Vector: AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N

Name of the Vulnerable Software and Affected Versions: Samba versions prior to 4.21.6

Description: The issue concerns SMB session re-authentication when Kerberos authentication is used with SMB. Specifically, smbd does not pick up group membership changes when re-authenticating an expired SMB session, so changes in group membership made during the session are not reflected after re-authentication. This can potentially lead to unauthorized access or other security issues.

Recommendations: For versions prior to 4.21.6, update to version 4.21.6 to resolve the issue. As a temporary workaround, consider restricting access to sensitive resources that rely on accurate group membership until the update can be applied.

Fix

Weakness Enumeration

Improper Authentication
Files Accessible to External Parties

Related Identifiers

ALT-PU-2025-10509
BDU:2025-09920
CVE-2025-0620
OPENSUSE-SU-2025:15296-1
SUSE-SU-2025:02230-1
SUSE-SU-2025_02230-1
USN-7564-1

Affected Products

Alt Linux
Samba
Suse
Ubuntu