
A critical zero-day vulnerability, CVE-2025-37899, has been identified in the Linux kernel, affecting its ksmbd component, which implements the SMB3 protocol for network file sharing. This vulnerability was brought to light by cybersecurity researcher Sean Heelan, who leveraged the capabilities of OpenAI’s o3 model. Officially confirmed on 20 May 2025, the vulnerability is a use-after-free in the SMB ‘logoff’ command handler, posing significant security risks.
The root of this flaw lies in concurrent session operations. When a thread processes a logoff command, it releases the sess->user object. If, at the same time, another connection initiates a session setup against the same session, it may access sess->user after it has been freed, a classic use-after-free condition. Such scenarios can result in memory corruption, giving an attacker the opportunity to execute arbitrary code with kernel privileges.
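The race described above, as an added, hypothetical C model rather than ksmbd's code: a poison flag stands in for kfree() so the vulnerable logoff (releasing the object but leaving sess->user dangling) and a hardened variant (detaching the pointer under the session lock before releasing it) can be compared deterministically. The names user_alloc, logoff_fixed, setup_reuse and demo are the example's own, not the kernel's.

```c
#include <stdatomic.h>
#include <stdbool.h>
#include <string.h>

/* Hypothetical model of the logoff/session-setup race described above, not
 * ksmbd's code. A poison flag replaces free() so a stale read is reported
 * deterministically (as a sanitizer would) instead of corrupting memory. */
enum { OK = 0, ERR_NO_USER = -1, ERR_UAF = -2 };
struct user    { bool freed; char name[16]; };
struct session { struct user *user; atomic_flag lock; };
static struct user slot;                 /* one slab object stands in for the allocator */

static struct user *user_alloc(const char *name) {
    slot.freed = false;
    strncpy(slot.name, name, sizeof slot.name - 1);
    slot.name[sizeof slot.name - 1] = '\0';
    return &slot;
}
static void user_free(struct user *u)      { u->freed = true; }   /* "kfree" + poison */
static void sess_lock(struct session *s)   { while (atomic_flag_test_and_set(&s->lock)) {} }
static void sess_unlock(struct session *s) { atomic_flag_clear(&s->lock); }

/* Vulnerable pattern: the logoff handler releases the user object but leaves
 * sess->user dangling, so a racing session setup dereferences freed memory. */
static void logoff_vulnerable(struct session *s) { user_free(s->user); }
/* Hardened pattern: detach the pointer under the session lock before releasing
 * the object; a racing setup then observes "no user" rather than a freed one. */
static void logoff_fixed(struct session *s) {
    sess_lock(s);
    struct user *u = s->user;
    s->user = NULL;
    sess_unlock(s);
    user_free(u);
}
/* Session-setup path reusing an existing session: reads sess->user under the lock. */
static int setup_reuse(struct session *s, char *out, size_t n) {
    sess_lock(s);
    struct user *u = s->user;
    int rc = !u ? ERR_NO_USER : u->freed ? ERR_UAF : OK;   /* poison check catches stale reads */
    if (rc == OK) { strncpy(out, u->name, n - 1); out[n - 1] = '\0'; }
    sess_unlock(s);
    return rc;
}
/* mode 0: setup before logoff; 1: vulnerable logoff, then setup; 2: fixed logoff, then setup */
int demo(int mode) {
    struct session s = { .user = user_alloc("alice"), .lock = ATOMIC_FLAG_INIT };
    char name[16];
    if (mode == 1) logoff_vulnerable(&s);
    if (mode == 2) logoff_fixed(&s);
    return setup_reuse(&s, name, sizeof name);
}
```

In a real kernel the poison check does not exist; the vulnerable ordering silently reads freed memory, which is why the fix has to make the pointer itself unreachable before the object goes away.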
Released on 16 April 2025, OpenAI’s o3 model is claimed to showcase remarkable advancements in reasoning capabilities, especially in handling complex code and mathematical tasks. According to Heelan, the model’s proficiency in interpreting intricate code structures was crucial in identifying this vulnerability. “With o3, LLMs have made a leap forward in their ability to reason about code,” wrote Heelan in his blog. He emphasised that these models enhance efficiency and effectiveness in vulnerability research, reaching a proficiency close to human auditors.
Although security professionals rate its severity as high, the Exploit Prediction Scoring System (EPSS) suggests a low exploitation probability of around 0.02%. The vulnerability affects multiple versions of the Linux kernel, including 6.12.27, 6.14.5, and 6.15-rc4. Immediate attention from system administrators is necessary to mitigate potential risks.
In addition to CVE-2025-37899, Heelan also identified a second vulnerability, CVE-2025-37778, which concerns the Kerberos authentication path during remote client session setup. Both flaws, CVE-2025-37899 and CVE-2025-37778, underscore significant security challenges within widely used systems.
Linux distributions such as SUSE are actively working on addressing these vulnerabilities through patches. The SUSE Security Team has classified this issue as having moderate severity and urges users to apply updates as they become available to safeguard against potential exploits.
Implications for AI in cybersecurity
This discovery could mark a pivotal moment for AI-assisted security research techniques. Rather than serving as replacements for human researchers, AI models like o3 may emerge as powerful tools that enhance the efficiency and capability of cybersecurity experts by allowing deeper analysis of complex codebases. As noted by Heelan, AI is proving invaluable by transforming how vulnerabilities are detected and addressed, offering promising new directions for enhancing global digital security frameworks.
Earlier this year, a new decryptor was developed to counter Akira ransomware by leveraging GPU capabilities to recover decryption keys, allowing files to be unlocked without charge. This tool aims to mitigate the effects of Akira ransomware attacks on Linux systems.