CVE-2025-0620 MEDIUM

CVE-2025-0620: Samba: smbd doesn't pick up group membership changes when re-authenticating an expired smb session

Vendor Red Hat

Product Red Hat Enterprise Linux 10

Weakness CWE-552 · Files accessible externally

Published June 6, 2025

Last update March 18, 2026

View on NVD All CVEs

CVSS base score

4.9/10

Attack vector Network

Attack complexity Low

Privileges required High

User interaction None

Confidentiality High

Integrity None

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N

What the vulnerability does

01Description

A flaw was found in Samba. The smbd service daemon does not pick up group membership changes when re-authenticating an expired SMB session. This issue can expose file shares until clients disconnect and then connect again.

Key dates

02Disclosure timeline

June 6, 2025 CVE published

March 18, 2026 Record updated

External resources

03References

NVD — National Vulnerability Database https://nvd.nist.gov/vuln/detail/CVE-2025-0620

Related vulnerabilities

Identifiers

CVE CVE-2025-0620

CWE CWE-552

CVSS 4.9 / MEDIUM

Affected versions

Vendor Red Hat

Product Red Hat Enterprise Linux 10

Affected All versions

Vendor Red Hat

Product Red Hat Enterprise Linux 6

Affected All versions

Vendor Red Hat

Product Red Hat Enterprise Linux 6

Affected All versions

Vendor Red Hat

Product Red Hat Enterprise Linux 7

Affected All versions

Vendor Red Hat

Product Red Hat Enterprise Linux 8

Affected All versions

Vendor Red Hat

Product Red Hat Enterprise Linux 9

Affected All versions

Vendor Red Hat

Product Red Hat OpenShift Container Platform 4

Affected All versions

CVE-2025-0620: Samba: smbd doesn't pick up group membership changes when re-authenticating an expired smb session

01Description

02Disclosure timeline

03References

04Related CVE