“LLMs without that preconception came through and pointed out the now glaringly obvious bug.”
– Douglas Bagnall, Samba Team
A newly disclosed bug in Samba’s WINS server (CVE-2025-10230, CVSS 10.0) allows unauthenticated remote command execution – but the bigger story is how it was found.
Samba developer Douglas Bagnall believes the vulnerability was surfaced using a large language model, making this one of the first public cases of LLM-assisted discovery leading to a critical RCE in production software.
The Bug, Briefly
If Samba is configured with a wins hook script, it runs a shell command whenever WINS name registrations happen. The command is built like this:
execl("/bin/sh", "sh", "-c", cmd, NULL);
The attacker controls the cmd string – specifically, the NetBIOS name portion – which is taken directly from a UDP packet and injected without sanitization. That’s remote shell injection if the feature is enabled.
The code path lives in Samba’s source4 WINS server – a legacy component many assumed was dead, or at least safe by obscurity.
“We regarded this as dead code… and never looked at it.”
– Douglas Bagnall
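As an added illustration (not Samba's code and not taken from the advisory), the vulnerable shape sits beside a hardened form: an allowlist check on the NetBIOS name, and a launcher that execs the hook directly instead of through sh -c. The hook path, the "add" action argument and the argv layout are assumptions.

```c
#include <ctype.h>
#include <stdio.h>
#include <string.h>
#include <sys/wait.h>
#include <unistd.h>

/* Illustrative code, not Samba's; hook path and argument layout are assumed. */

/* Vulnerable shape: the untrusted NetBIOS name is pasted into one string
 * that the caller then hands to sh -c, so shell metacharacters in the
 * name reach the shell intact. Returns 0 on success, -1 if truncated. */
int build_hook_cmd_unsafe(char *out, size_t outlen,
                          const char *hook, const char *name)
{
    int n = snprintf(out, outlen, "%s add %s", hook, name);
    return (n >= 0 && (size_t)n < outlen) ? 0 : -1;
}

/* Allowlist check: a NetBIOS name is at most 15 characters; accept only
 * letters, digits, '-' and '_' and refuse everything else. */
int netbios_name_is_safe(const char *name)
{
    size_t len = strlen(name);
    if (len == 0 || len > 15) return 0;
    for (size_t i = 0; i < len; i++) {
        unsigned char c = (unsigned char)name[i];
        if (!isalnum(c) && c != '-' && c != '_') return 0;
    }
    return 1;
}

/* Hardened launcher: validate first, then exec the hook directly with the
 * name as its own argv element, so no shell ever parses it. Returns -1 if
 * the name is rejected or fork fails, else the hook's exit status. */
int run_hook_safe(const char *hook, const char *name)
{
    if (!netbios_name_is_safe(name)) return -1;
    pid_t pid = fork();
    if (pid < 0) return -1;
    if (pid == 0) {
        execl(hook, hook, "add", name, (char *)NULL);
        _exit(127); /* only reached if exec failed */
    }
    int status = 0;
    if (waitpid(pid, &status, 0) < 0) return -1;
    return WIFEXITED(status) ? WEXITSTATUS(status) : -1;
}
```

The unsafe builder shows why a `;` in a name matters: it survives into the string that sh -c would parse, whereas the safe path rejects the name before any process is spawned.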
The LLM Angle
The report’s structure and level of reasoning led Bagnall to conclude it was LLM-assisted. The important bit: the bug required tracking input across several layers of logic – from network parsing to shell command execution.
“They seem to follow a taint across domains… from the C variable into the string and execl call.”
That kind of reasoning is still difficult for most static analyzers – especially in complex, legacy codebases.
Why It Matters
This is more than just a one-off vuln:
LLMs bypass human blind spots: The assumption that something is unreachable or irrelevant doesn’t apply. LLMs review code without that mental baggage.
They reason across abstraction boundaries: From protocol handling to command execution – all within one inference.
Offensive use is likely already happening: If defenders are finding 0-days with LLMs, attackers probably are too. Expect this pattern to continue.
Static tools will need to catch up: This wasn’t about missing a known sink. It was about context and composition – something most scanners aren’t equipped to handle.