Sunday, June 15, 2025
Advertisements

Linux SMB 0-Day Discovered Using ChatGPT’s o3 Model

by Charline
written by Charline
A newly disclosed zero-day vulnerability in the Linux kernel has drawn global attention—not just for its severity, but for how it was discovered. Assigned CVE-2025-37899, the flaw was found using OpenAI’s o3 model, showcasing a major step forward in AI-assisted vulnerability research.

Vulnerability Targets Linux SMB Component

The vulnerability, confirmed on May 20, 2025, affects the ksmbd component, a built-in SMB3 file-sharing server in the Linux kernel. It involves a use-after-free error in the handler for the SMB “logoff” command, which could allow attackers to corrupt memory or execute code with kernel-level access.

Advertisements

The issue arises when one thread processes a logoff request and frees the sess->user object. Meanwhile, another thread attempting to bind to the same session via a session setup command may still access that freed memory—creating a classic concurrency bug.

Advertisements

AI Plays Central Role in Discovery

The vulnerability was discovered by a researcher named Sean, who stated, “I found the vulnerability with nothing more complicated than the o3 API—no scaffolding, no agentic frameworks, no tool use.” He believes this is the first publicly disclosed vulnerability found directly through a large language model.

Advertisements

OpenAI’s o3 model, launched in April 2025, is designed to “think longer” and handle complex tasks more effectively. Its ability to reason about concurrency and low-level code proved essential in spotting the flaw.

Advertisements

“With o3, LLMs have made a leap forward in their ability to reason about code,” Sean added. “They are now at a stage where they can make you significantly more efficient and effective.”

Risk Assessment and Patching Efforts

Security experts have rated the vulnerability as high severity. However, the Exploit Prediction Scoring System (EPSS) estimates the likelihood of exploitation at only 0.02% for now.

The flaw impacts Linux kernel versions up to 6.12.27, 6.14.5, and 6.15-rc4. Distributions such as SUSE are already developing patches, with the SUSE Security Team currently categorizing the issue as “moderate severity.”

Implications for AI in Cybersecurity

This discovery signals a new era in cybersecurity, where AI tools can act as powerful assistants rather than replacements for human researchers.

“If you’re an expert-level vulnerability researcher or exploit developer, the machines aren’t about to replace you,” Sean emphasized. “In fact, they now enhance your ability to identify and understand complex bugs.”

As AI models like o3 continue to evolve, the role of human-AI collaboration is expected to become standard in proactive cybersecurity defense strategies.

You Might Also Like
Advertisements
blank

Charline is the editor of ProxyServerPro's platform. She is a digital privacy and proxy solutions expert with over 10 years of experience writing and editing content related to online security, browsing solutions, and data protection. Charline has contributed to various tech publications and worked closely with professionals and businesses to enhance their understanding of proxies, internet anonymity, and digital security. Prior to joining ProxyServerPro, she worked at leading digital security firms, where she helped produce educational content aimed at helping users navigate the complexities of the online world with confidence and security.

You may also like

How to Use Proxy in Brave Browser | Step-by-Step Guide

How to Use Proxy in Chrome on Android — Step-by-Step Guide

How to Use SOCKS5 Proxy on Chrome? A Comprehensive Guide

How to Use VPN and Proxy Together? A Comprehensive Guide

How to Open Blocked Websites by Proxy — A Complete Guide

How to Use Google Translate as a Proxy? A Step-by-Step Guide

blank

At ProxyServerPro, we are dedicated to providing cutting-edge proxy solutions tailored to meet the diverse needs of businesses and individuals. Our platform offers a comprehensive range of high-performance proxies, including residential, datacenter, and mobile options, ensuring seamless browsing, data scraping, and online anonymity. With a focus on reliability, speed, and security, we empower users to navigate the digital landscape with confidence. Whether you’re managing ad verification, market research, or web automation, ProxyServerPro is your trusted partner for scalable, efficient, and secure proxy services. Explore our portal to discover how we can elevate your online experience.

popular recommendation

The Five Best Free Proxy Servers
Is FoxyProxy Safe?
AI Demand Drives Record Revenue Growth in Server and Storage Components
How Does a Web Proxy Work?

Useful Links

TAGS

© 2024 Copyright  proxyserverpro.com