A severe vulnerability in Samba’s WINS server implementation for Active Directory domain controllers has been disclosed, enabling unauthenticated attackers to execute arbitrary code on vulnerable systems.
Tracked as CVE-2025-10230, the flaw carries a CVSS 3.1 score of 10.0, underscoring its extreme risk and ease of exploitation. All Samba versions since 4.0 are affected when WINS support is enabled and the wins hook parameter is set, potentially exposing countless enterprise directory services to compromise.
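A configuration check for the affected combination named above, added here as an example and not taken from Samba or from the disclosure: it reads smb.conf text and reports whether WINS support is enabled together with a wins hook in [global]. The sample configs and the hook path are constructed, and the function names are hypothetical.

```python
import re

TRUE_VALUES = {"yes", "true", "on", "1"}  # boolean spellings smb.conf accepts

# Constructed sample configs; the hook path is a placeholder, not a real script.
SAMPLE_EXPOSED = """\
[global]
    server role = active directory domain controller
    WINS Support = Yes
    wins hook = /usr/local/sbin/example-wins-hook
[share]
    path = /srv/share
"""
SAMPLE_HOOK_ONLY = """\
[global]
    wins support = no
    wins hook = /usr/local/sbin/example-wins-hook
"""

def parse_global(text):
    """Return the [global] parameters as {normalized name: value}."""
    params, section = {}, "global"  # parsing starts in the global section
    text = re.sub(r"\\\r?\n", "", text)  # join backslash-continued lines
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#;":  # blank line or comment
            continue
        if line.startswith("[") and line.endswith("]"):
            section = line[1:-1].strip().lower()
        elif section == "global" and "=" in line:
            name, value = line.split("=", 1)
            # Parameter names ignore case and embedded whitespace.
            params[re.sub(r"\s+", "", name).lower()] = value.strip()
    return params

def exposure(text):
    """Report the two settings the page ties to CVE-2025-10230."""
    p = parse_global(text)
    wins = p.get("winssupport", "no").lower() in TRUE_VALUES
    hook = p.get("winshook", "")
    return {"wins_support": wins, "wins_hook": hook,
            "server_role": p.get("serverrole", "(not set)"),
            "affected_config": wins and bool(hook)}

if __name__ == "__main__":
    for label, conf in (("exposed", SAMPLE_EXPOSED), ("hook only", SAMPLE_HOOK_ONLY)):
        print(label, exposure(conf))
```

The parser does not follow include directives; on a live host, Samba's own testparm shows the effective values.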
https://cyberpress.org/critical-samba-flaw/