CVE-2025-66003 HIGH

CVE-2025-66003: Local users can perform a local root exploit via smb4k mounthelper

Vendor https://github.com/Kde/
Product smb4k
Weakness CWE-73
Published January 8, 2026
Last update January 8, 2026

CVSS base score

7.3/10
Attack vector Local
Attack complexity High
Privileges required Low
User interaction None
Confidentiality
Integrity

CVSS vector

CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

What the vulnerability does

01 Description

An External Control of File Name or Path vulnerability in smb4k allows local users to perform a local root exploit via smb4k mounthelper if they can access and control the contents of a Samba share. This issue affects smb4k: from ? before 4.0.5.

Key dates

02 Disclosure timeline

January 8, 2026 CVE published
January 8, 2026 Record updated