CVE-2025-66003

N/A Unknown

📋 TL;DR

An External Control of File Name or Path vulnerability in smb4k's mounthelper allows local users to escalate privileges to root by controlling the contents of a Samba share. This affects smb4k users who can access and manipulate Samba shares. The vulnerability enables local privilege escalation.

💻 Affected Systems

Products:
  • smb4k
Versions: versions before 4.0.5 (first affected version unknown)
Operating Systems: Linux distributions with smb4k installed
Default Config Vulnerable: ⚠️ Yes
Notes: Requires smb4k with mounthelper functionality and access to Samba shares

⚠️ Manual Verification Required

This CVE does not have specific version information in our database, so automatic vulnerability detection cannot determine if your system is affected.

Why? The CVE database entry doesn't specify which versions are vulnerable (no version ranges provided by the vendor/NVD).

Recommended Actions:
  1. Review the CVE details at NVD
  2. Check vendor security advisories for your specific version
  3. Test if the vulnerability is exploitable in your environment
  4. Consider updating to the latest version as a precaution

⚠️ Risk & Real-World Impact

🔴 Worst Case

Local attacker gains full root access to the system, potentially compromising all data and system integrity.

🟠 Likely Case

Local user with access to a Samba share escalates to root privileges, gaining complete control over the system.

🟢 If Mitigated

If proper access controls restrict Samba share access, impact is limited to authorized users only.

🌐 Internet-Facing: LOW (requires local access to Samba shares, not directly internet exploitable)
🏢 Internal Only: HIGH (local users with Samba share access can exploit this for root access)

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: UNKNOWN
Unauthenticated Exploit: ✅ No
Complexity: MEDIUM

Requires local access and ability to control Samba share contents; exploit details not publicly documented

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: 4.0.5

Vendor Advisory: https://security.opensuse.org/2025/12/10/smb4k-major-issues-in-kauth-helper.html

Restart Required: No

Instructions:

  1. Update smb4k to version 4.0.5 or later using your distribution's package manager.
  2. For openSUSE: 'sudo zypper update smb4k'.
  3. For other distributions, use appropriate package manager commands.

🔧 Temporary Workarounds

Disable smb4k mounthelper

linux

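Remove or disable the vulnerable mounthelper component. The helper's install location varies by distribution; adjust the path in the commands below to match your system.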

sudo chmod -x /usr/lib/smb4k/mounthelper
sudo mv /usr/lib/smb4k/mounthelper /usr/lib/smb4k/mounthelper.disabled

Restrict Samba share access

linux

Limit access to Samba shares to trusted users only

# Configure Samba share permissions in /etc/samba/smb.conf with valid users and read-only access where possible

🧯 If You Can't Patch

  • Remove smb4k completely if not needed: sudo apt remove smb4k or sudo zypper remove smb4k
  • Implement strict access controls on all Samba shares to limit potential attackers

🔍 How to Verify

Check if Vulnerable:

Check smb4k version: smb4k --version (versions before 4.0.5 are affected)

Check Version:

smb4k --version

Verify Fix Applied:

Verify smb4k version is 4.0.5 or higher: smb4k --version

📡 Detection & Monitoring

Log Indicators:

  • Unusual mounthelper activity in system logs
  • Suspicious Samba share access patterns

Network Indicators:

  • Unexpected SMB traffic from local users

SIEM Query:

process.name='mounthelper' AND user.name!='root'
