CVE Catalog

CVE-2025-9640

MediumCVSS 4.3
Published: Updated: Translated: NVD NIST

Exploitation Probability (EPSS)

Low risk
0.42%

34th percentile - higher than 34% of all known CVEs

Summary

A flaw was found in Samba's vfs_streams_xattr module where uninitialized heap memory could be written into alternate data streams. This allows an authenticated user to read residual memory content that may include sensitive data, resulting in an information disclosure vulnerability.

Risk Assessment

The organization is at risk of leaking confidential data stored in memory, such as passwords or encryption keys, which could lead to further attacks and security breaches.

Recommendation

Immediately update Samba to the latest patched version and restrict access to the vfs_streams_xattr module to trusted users only.

Original NVD description (English source)

A flaw was found in Samba, in the vfs_streams_xattr module, where uninitialized heap memory could be written into alternate data streams. This allows an authenticated user to read residual memory content that may include sensitive data, resulting in an information disclosure vulnerability.

Vulnerability data from NVD (NIST) · CISA KEV · EPSS