Thanks to visit codestin.com
Credit goes to ubuntu.com

CVE-2025-10230

Publication date 15 October 2025

Last updated 20 October 2025


Ubuntu priority

Description

Command injection via WINS server hook script

Read the notes from the security team

Status

Package Ubuntu Release Status
samba 25.10 questing
Fixed 2:4.22.3+dfsg-4ubuntu2.1
25.04 plucky
Fixed 2:4.21.4+dfsg-1ubuntu3.5
24.04 LTS noble
Fixed 2:4.19.5+dfsg-4ubuntu9.4
22.04 LTS jammy
Fixed 2:4.15.13+dfsg-0ubuntu1.10
20.04 LTS focal
Fixed 2:4.15.13+dfsg-0ubuntu0.20.04.8+esm1
18.04 LTS bionic
Fixed 2:4.7.6+dfsg~ubuntu-0ubuntu2.29+esm3
16.04 LTS xenial
Fixed 2:4.3.11+dfsg-0ubuntu0.16.04.34+esm4
14.04 LTS trusty
Fixed 2:4.3.11+dfsg-0ubuntu0.14.04.20+esm15

Get expanded security coverage with Ubuntu Pro

Reduce your average CVE exposure time from 98 days to 1 day with expanded CVE patching, ten-years security maintenance and optional support for the full stack of open-source applications. Free for personal use.

Get Ubuntu Pro 30-day free trial

Notes


mdeslaur

per Samba developers "WINS is an obsolete and trusting protocol" and "The WINS server used by Samba when it is not a domain controller is unaffected." Per Samba developers, this is an unusual configuration and "will affect very few, possibly zero, users"

References

Related Ubuntu Security Notices (USN)

Other references