Medium severity4.9OSV Advisory· Published Jun 6, 2025· Updated Jun 30, 2026
CVE-2025-0620
CVE-2025-0620
Description
A flaw was found in Samba. The smbd service daemon does not pick up group membership changes when re-authenticating an expired SMB session. This issue can expose file shares until clients disconnect and then connect again.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
5samba-4.21.0, samba-4.21.1, samba-4.21.2, …+ 1 more
- (no CPE)range: samba-4.21.0, samba-4.21.1, samba-4.21.2, …
- (no CPE)
- osv-coords3 versionspkg:rpm/opensuse/samba&distro=openSUSE%20Tumbleweedpkg:rpm/suse/samba&distro=SUSE%20Linux%20Enterprise%20High%20Availability%20Extension%2015%20SP7pkg:rpm/suse/samba&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Basesystem%2015%20SP7
< 4.22.2+git.396.c752843dcf4-1.1+ 2 more
- (no CPE)range: < 4.22.2+git.396.c752843dcf4-1.1
- (no CPE)range: < 4.21.6+git.402.80f493f530f-150700.3.3.1
- (no CPE)range: < 4.21.6+git.402.80f493f530f-150700.3.3.1
Patches
Vulnerability mechanics
References
4- www.openwall.com/lists/oss-security/2025/06/03/8nvdMailing ListThird Party Advisory
- access.redhat.com/security/cve/CVE-2025-0620nvdThird Party Advisory
- bugzilla.redhat.com/show_bug.cginvdIssue TrackingThird Party Advisory
- www.samba.org/samba/security/CVE-2025-0620.htmlnvdVendor Advisory
News mentions
0No linked articles in our index yet.