CVE-2025-37899

HIGH EXPLOITED

Linux Kernel 5.15-6.12.28, 6.1.0-6.1.159, 6.2.0-6.6.119, 6.7.0-6.12.28, 6.13.0-6.14.6 - Use-After-Free in Session Logoff

Title source: llm
STIX 2.1

Exploitation Summary

CVE-2025-37899 has been observed exploited in the wild (reported by VulnCheck KEV). EIP tracks 3 public exploits from researchers including SeanHeelan, ccss17, vett3x.

AI-analyzed exploit summary This repository contains a README linking to a blog post detailing the discovery of CVE-2025-37899, a remote zero-day vulnerability in the Linux kernel’s SMB implementation. No exploit code or technical PoC is provided in the repository itself.

Description

In the Linux kernel, the following vulnerability has been resolved: ksmbd: fix use-after-free in session logoff The sess->user object can currently be in use by another thread, for example if another connection has sent a session setup request to bind to the session being free'd. The handler for that connection could be in the smb2_sess_setup function which makes use of sess->user.

Exploits (3)

nomisec WRITEUP 351 stars
by SeanHeelan · poc
https://github.com/SeanHeelan/o3_finds_cve-2025-37899

This repository contains a README linking to a blog post detailing the discovery of CVE-2025-37899, a remote zero-day vulnerability in the Linux kernel’s SMB implementation. No exploit code or technical PoC is provided in the repository itself.

Classification
Writeup 90%
Attack Type
Other
Complexity
Theoretical
Reliability
Theoretical
Target: Linux kernel SMB implementation
No auth needed
Prerequisites: Access to the referenced blog post for details
devstral-2 · analyzed Feb 16, 2026 Full analysis →
nomisec WRITEUP
by ccss17 · poc
https://github.com/ccss17/o3_finds_cve-2025-37899

This repository documents the analysis of CVE-2024-37032, a path traversal vulnerability in Ollama's SMB implementation, using LLM-based techniques to identify and exploit the flaw. It includes detailed explanations of the vulnerability, attack scenarios, and multi-level testing methodologies.

Classification
Writeup 100%
Attack Type
Rce
Complexity
Moderate
Reliability
Reliable
Target: Ollama <= v0.1.33
No auth needed
Prerequisites: Victim must pull a malicious model from an attacker-controlled registry
devstral-2 · analyzed Feb 16, 2026 Full analysis →
nomisec WRITEUP
by vett3x · poc
https://github.com/vett3x/SMB-LINUX-CVE-2025-37899

This repository contains a detailed writeup describing a use-after-free vulnerability (CVE-2025-37899) in the Linux kernel's ksmbd module, which handles SMB protocol. The vulnerability arises from improper synchronization in the `smb2_session_logoff` function, potentially leading to remote code execution with kernel privileges.

Classification
Writeup 90%
Attack Type
Rce
Complexity
Complex
Reliability
Theoretical
Target: Linux kernel ksmbd module (versions affected not specified)
No auth needed
Prerequisites: Network access to SMB port (445) · Ability to send crafted SMB2/3 commands
devstral-2 · analyzed Feb 16, 2026 Full analysis →

References (7)

Core 7

Scores

CVSS v3 7.8
EPSS 0.0006
EPSS Percentile 18.5%
Attack Vector LOCAL
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Details

VulnCheck KEV 2025-10-09
CWE
CWE-416
Status published
Products (18)
linux/Kernel 5.15.0 - 6.1.159linux
linux/Kernel 6.13.0 - 6.14.6linux
linux/Kernel 6.2.0 - 6.6.119linux
linux/Kernel 6.7.0 - 6.12.28linux
Linux/Linux < 5.15
Linux/Linux 0626e6641f6b467447c81dd7678a69c66f7746cf - 02d16046cd11a5c037b28c12ffb818c56dd3ef43
Linux/Linux 0626e6641f6b467447c81dd7678a69c66f7746cf - 2fc9feff45d92a92cd5f96487655d5be23fb7e2b
Linux/Linux 0626e6641f6b467447c81dd7678a69c66f7746cf - 70ad6455139e26e85f48f95d0e21f351c1909342
Linux/Linux 0626e6641f6b467447c81dd7678a69c66f7746cf - 931dc8a3670f71c45c0b1379ea4e92dafbda1aca
Linux/Linux 0626e6641f6b467447c81dd7678a69c66f7746cf - d5ec1d79509b3ee01de02c236f096bc050221b7f
... and 8 more
Published May 20, 2025
Tracked Since Feb 18, 2026