Question 1

What is CVE-2025-9640 — CVE-2025-9640?

Accepted Answer

A flaw was found in Samba, in the vfs_streams_xattr module, where uninitialized heap memory could be written into alternate data streams. This allows an authenticated user to read residual memory content that may include sensitive data, resulting in an information disclosure vulnerability.

Question 2

What is the authoritative source for CVE-2025-9640?

Accepted Answer

CVE-2025-9640 (CVE-2025-9640) is catalogued in NVD + CISA KEV + FIRST EPSS and curated for EU compliance use cases by SQUR.

CVSS	4.3 ()
Vector	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
Last modified	2026-06-25

CVE-2025-9640CVE-2025-9640

Description

Scoring