Vulnerability details: VCID-k8tq-26rh-vqh4
Vulnerability ID VCID-k8tq-26rh-vqh4
Aliases CVE-2020-25720
Summary A vulnerability was found in Samba where a delegated administrator with permission to create objects in Active Directory can write to all attributes of the newly created object, including security-sensitive attributes, even after the object's creation. This occurs because the administrator owns the object, due to the lack of an Access Control List (ACL) at the time of creation and to later being recognized as the 'creator owner.' The significant rights that the delegated administrator retains may not be well understood, potentially leading to unintended privilege escalation or security risks.
Status Published
Exploitability 0.5
Weighted Severity 6.8
Risk 3.4
System Score Found at
cvssv3 7.5 https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-25720.json
cvssv3.1 7.5 https://access.redhat.com/security/cve/CVE-2020-25720
ssvc Track https://access.redhat.com/security/cve/CVE-2020-25720
epss 0.00155 https://api.first.org/data/v1/epss?cve=CVE-2020-25720
epss 0.00167 https://api.first.org/data/v1/epss?cve=CVE-2020-25720
epss 0.00186 https://api.first.org/data/v1/epss?cve=CVE-2020-25720
epss 0.00201 https://api.first.org/data/v1/epss?cve=CVE-2020-25720
epss 0.00224 https://api.first.org/data/v1/epss?cve=CVE-2020-25720
cvssv3.1 7.5 https://bugzilla.redhat.com/show_bug.cgi?id=2305954
ssvc Track https://bugzilla.redhat.com/show_bug.cgi?id=2305954
cvssv3.1 7.5 https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
Reference id Reference type URL
https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-25720.json
https://api.first.org/data/v1/epss?cve=CVE-2020-25720
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-25720
https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
cpe:/a:redhat:openshift:4 https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:openshift:4
cpe:/a:redhat:storage:3 https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:storage:3
cpe:/o:redhat:enterprise_linux:10 https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:enterprise_linux:10
cpe:/o:redhat:enterprise_linux:6 https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:enterprise_linux:6
cpe:/o:redhat:enterprise_linux:7 https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:enterprise_linux:7
cpe:/o:redhat:enterprise_linux:8 https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:enterprise_linux:8
cpe:/o:redhat:enterprise_linux:9 https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:enterprise_linux:9
CVE-2020-25720 https://access.redhat.com/security/cve/CVE-2020-25720
CVE-2020-25720 https://nvd.nist.gov/vuln/detail/CVE-2020-25720
show_bug.cgi?id=2305954 https://bugzilla.redhat.com/show_bug.cgi?id=2305954
No exploits are available.
Vector: CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H Found at https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-25720.json
Attack Vector (AV): network
Attack Complexity (AC): high
Privileges Required (PR): low
User Interaction (UI): none
Scope (S): unchanged
Confidentiality Impact (C): high
Integrity Impact (I): high
Availability Impact (A): high

Vector: CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H Found at https://access.redhat.com/security/cve/CVE-2020-25720

Vector: SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-11-17T16:18:39Z/ Found at https://access.redhat.com/security/cve/CVE-2020-25720
Vector: CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H Found at https://bugzilla.redhat.com/show_bug.cgi?id=2305954

Vector: SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-11-17T16:18:39Z/ Found at https://bugzilla.redhat.com/show_bug.cgi?id=2305954
Vector: CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H Found at https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

Exploit Prediction Scoring System (EPSS)
Percentile 0.37051
EPSS Score 0.00155
Published At July 30, 2025, 12:55 p.m.
Date Actor Action Source VulnerableCode Version
2025-07-31T09:44:19.728324+00:00 Vulnrichment Import https://github.com/cisagov/vulnrichment/blob/develop/2020/25xxx/CVE-2020-25720.json 37.0.0