CVE-2025-9640

medium

Description

A flaw was found in Samba, in the vfs_streams_xattr module, where uninitialized heap memory could be written into alternate data streams. This allows an authenticated user to read residual memory content that may include sensitive data, resulting in an information disclosure vulnerability.

References

https://www.samba.org/samba/history/security.html

https://lists.debian.org/debian-lts-announce/2025/11/msg00027.html

https://bugzilla.redhat.com/show_bug.cgi?id=2391698

https://access.redhat.com/security/cve/CVE-2025-9640

http://www.openwall.com/lists/oss-security/2025/10/16/2

http://www.openwall.com/lists/oss-security/2025/10/15/2

Details

Source: Mitre, NVD

Published: 2025-10-15

Updated: 2025-11-26

Risk Information

CVSS v2

Base Score: 4

Vector: CVSS2#AV:N/AC:L/Au:S/C:P/I:N/A:N

Severity: Medium

CVSS v3

Base Score: 4.3

Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N

Severity: Medium

EPSS

EPSS: 0.00027