Marcos Tolosa

1 exploit Active since Nov 2025
CVE-2025-10230 NOMISEC CRITICAL WRITEUP
Samba Active Directory WINS Hook - Remote Command Execution
A flaw was found in Samba, in the front-end WINS hook handling: NetBIOS names from registration packets are passed to a shell without proper validation or escaping. Unsanitized NetBIOS name data from WINS registration packets are inserted into a shell command and executed by the Samba Active Directory Domain Controller’s wins hook, allowing an unauthenticated network attacker to achieve remote command execution as the Samba process.
CVSS 10.0