{"id":"UBUNTU-CVE-2025-0620","details":"A flaw was found in Samba. The smbd service daemon does not pick up group membership changes when re-authenticating an expired SMB session. This issue can expose file shares until clients disconnect and then connect again.","modified":"2026-02-04T03:20:45.475023Z","published":"2025-06-03T00:00:00Z","withdrawn":"2026-01-20T05:24:58Z","related":["USN-7564-1"],"upstream":["CVE-2025-0620"],"references":[{"type":"REPORT","url":"https://ubuntu.com/security/CVE-2025-0620"},{"type":"REPORT","url":"https://www.cve.org/CVERecord?id=CVE-2025-0620"},{"type":"REPORT","url":"https://www.samba.org/samba/security/CVE-2025-0620.html"},{"type":"ADVISORY","url":"https://ubuntu.com/security/notices/USN-7564-1"}],"affected":[{"package":{"name":"samba","ecosystem":"Ubuntu:25.04","purl":"pkg:deb/ubuntu/samba@2:4.21.4+dfsg-1ubuntu3.1?arch=source&distro=plucky"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"2:4.21.4+dfsg-1ubuntu3.1"}]}],"versions":["2:4.20.4+dfsg-1ubuntu1","2:4.20.4+dfsg-1ubuntu2","2:4.20.4+dfsg-1ubuntu3","2:4.20.4+dfsg-1ubuntu5","2:4.21.4+dfsg-1ubuntu2","2:4.21.4+dfsg-1ubuntu3"],"ecosystem_specific":{"binaries":[{"binary_version":"2:4.21.4+dfsg-1ubuntu3.1","binary_name":"ctdb"},{"binary_version":"2:2.10.0+samba4.21.4+dfsg-1ubuntu3.1","binary_name":"ldb-tools"},{"binary_version":"2:2.10.0+samba4.21.4+dfsg-1ubuntu3.1","binary_name":"libldb-dev"},{"binary_version":"2:2.10.0+samba4.21.4+dfsg-1ubuntu3.1","binary_name":"libldb2"},{"binary_version":"2:4.21.4+dfsg-1ubuntu3.1","binary_name":"libnss-winbind"},{"binary_version":"2:4.21.4+dfsg-1ubuntu3.1","binary_name":"libpam-winbind"},{"binary_version":"2:4.21.4+dfsg-1ubuntu3.1","binary_name":"libsmbclient-dev"},{"binary_version":"2:4.21.4+dfsg-1ubuntu3.1","binary_name":"libsmbclient0"},{"binary_version":"2:2.4.2+samba4.21.4+dfsg-1ubuntu3.1","binary_name":"libtalloc-dev"},{"binary_version":"2:2.4.2+samba4.21.4+dfsg-1ubuntu3.1","binary_name":"libtalloc2"},{"binary_version":"2:1.4.12+samba4.21.4+dfsg-1ubuntu3.1","binary_name":"libtdb-dev"},{"binary_version":"2:1.4.12+samba4.21.4+dfsg-1ubuntu3.1","binary_name":"libtdb1"},{"binary_version":"2:0.16.1+samba4.21.4+dfsg-1ubuntu3.1","binary_name":"libtevent-dev"},{"binary_version":"2:0.16.1+samba4.21.4+dfsg-1ubuntu3.1","binary_name":"libtevent0t64"},{"binary_version":"2:4.21.4+dfsg-1ubuntu3.1","binary_name":"libwbclient-dev"},{"binary_version":"2:4.21.4+dfsg-1ubuntu3.1","binary_name":"libwbclient0"},{"binary_version":"2:2.10.0+samba4.21.4+dfsg-1ubuntu3.1","binary_name":"python3-ldb"},{"binary_version":"2:4.21.4+dfsg-1ubuntu3.1","binary_name":"python3-samba"},{"binary_version":"2:2.4.2+samba4.21.4+dfsg-1ubuntu3.1","binary_name":"python3-talloc"},{"binary_version":"2:1.4.12+samba4.21.4+dfsg-1ubuntu3.1","binary_name":"python3-tdb"},{"binary_version":"2:4.21.4+dfsg-1ubuntu3.1","binary_name":"registry-tools"},{"binary_version":"2:4.21.4+dfsg-1ubuntu3.1","binary_name":"samba"},{"binary_version":"2:4.21.4+dfsg-1ubuntu3.1","binary_name":"samba-ad-dc"},{"binary_version":"2:4.21.4+dfsg-1ubuntu3.1","binary_name":"samba-ad-provision"},{"binary_version":"2:4.21.4+dfsg-1ubuntu3.1","binary_name":"samba-common"},{"binary_version":"2:4.21.4+dfsg-1ubuntu3.1","binary_name":"samba-common-bin"},{"binary_version":"2:4.21.4+dfsg-1ubuntu3.1","binary_name":"samba-dev"},{"binary_version":"2:4.21.4+dfsg-1ubuntu3.1","binary_name":"samba-dsdb-modules"},{"binary_version":"2:4.21.4+dfsg-1ubuntu3.1","binary_name":"samba-libs"},{"binary_version":"2:4.21.4+dfsg-1ubuntu3.1","binary_name":"samba-testsuite"},{"binary_version":"2:4.21.4+dfsg-1ubuntu3.1","binary_name":"samba-vfs-ceph"},{"binary_version":"2:4.21.4+dfsg-1ubuntu3.1","binary_name":"samba-vfs-glusterfs"},{"binary_version":"2:4.21.4+dfsg-1ubuntu3.1","binary_name":"samba-vfs-modules"},{"binary_version":"2:4.21.4+dfsg-1ubuntu3.1","binary_name":"samba-vfs-modules-extra"},{"binary_version":"2:4.21.4+dfsg-1ubuntu3.1","binary_name":"smbclient"},{"binary_version":"2:1.4.12+samba4.21.4+dfsg-1ubuntu3.1","binary_name":"tdb-tools"},{"binary_version":"2:4.21.4+dfsg-1ubuntu3.1","binary_name":"winbind"}],"availability":"No subscription required"},"database_specific":{"source":"https://github.com/canonical/ubuntu-security-notices/blob/main/osv/cve/2025/UBUNTU-CVE-2025-0620.json"}}],"schema_version":"1.7.3","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N"},{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N"},{"type":"Ubuntu","score":"medium"}]}