Vulnerabilities have been identified in Smb4K, the KDE utility for discovering and mounting SMB shares, that allow a local attacker to gain root access to the system. The issues are fixed in the Smb4K 4.0.5 release.
The status of updated packages or pending patches in distributions can be tracked on the following pages: Debian, Ubuntu, Fedora, SUSE/openSUSE, Gentoo, Arch and FreeBSD.
Smb4K performs privileged actions through KAuth helpers that run with root privileges. The vulnerabilities are in the Smb4KMountHelper helper: its network file system mount (CVE-2025-66003) and unmount (CVE-2025-66002) functions do not properly filter the options handed on to the mount.cifs and umount.cifs commands, so an unprivileged user can pass arbitrary options through the mh_options parameter.
For example, with the options “filemode=04777,uid=0”, every file in the mounted share is presented as owned by root with the setuid bit set. An attacker can run their own SMB server and mount a share containing executables of their choosing, which, under those options, then run with root privileges.
The Smb4KMountHelper handler also did not properly check the target directories, allowing attackers to mount their own SMB partition
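As an added illustration (not Smb4K's own code), here is the kind of validation a root-running mount helper can apply to both weak points described above: an allowlist of option keys that deliberately omits ownership and permission overrides, forced nosuid/nodev flags appended regardless of input, and a check confining the target directory to a base path. The allowlist contents, the function names and the base directory are assumptions for the example.

```cpp
#include <set>
#include <sstream>
#include <string>
#include <vector>

struct MountCheck {
    bool ok;
    std::string reason;   // why the request was rejected (empty when ok)
    std::string options;  // sanitized option string to hand to mount.cifs
};

// Hypothetical allowlist of option keys an unprivileged caller may set. Ownership and
// permission overrides (uid, gid, filemode, dirmode, setuids, ...) are deliberately absent.
static const std::set<std::string> kAllowedKeys = {
    "ro", "rw", "vers", "sec", "user", "domain", "iocharset", "noperm", "port"};

MountCheck sanitizeMountOptions(const std::string &userOptions) {
    std::vector<std::string> kept;
    std::stringstream ss(userOptions);
    for (std::string tok; std::getline(ss, tok, ','); ) {
        if (tok.empty()) continue;
        // Reject characters that could smuggle extra tokens into the command line.
        if (tok.find_first_of(" \t\r\n\\\"'") != std::string::npos)
            return {false, "bad characters in option: " + tok, ""};
        std::string key = tok.substr(0, tok.find('='));
        if (!kAllowedKeys.count(key)) return {false, "option not permitted: " + key, ""};
        kept.push_back(tok);
    }
    // Always append the generic VFS flags that make setuid bits and device nodes on the
    // share inert, whatever the caller supplied.
    kept.push_back("nosuid");
    kept.push_back("nodev");
    std::string joined;
    for (size_t i = 0; i < kept.size(); ++i) joined += (i ? "," : "") + kept[i];
    return {true, "", joined};
}

// Target directory must be absolute, free of ".." components and located under base.
// A real helper would also resolve symlinks (realpath) before comparing.
bool targetAllowed(const std::string &path, const std::string &base) {
    if (path.empty() || path[0] != '/') return false;
    std::stringstream ss(path);
    for (std::string comp; std::getline(ss, comp, '/'); )
        if (comp == "..") return false;
    return path.size() > base.size() && path.compare(0, base.size(), base) == 0 &&
           path[base.size()] == '/';
}
```

With this design the helper never forwards the caller's string as-is; it rebuilds the option list from validated tokens and rejects the "filemode=04777,uid=0" combination named above outright.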