CRITICAL🚩 CISA KEV⚡ EXPLOIT✓ PATCH🇵🇱 Wersja polska

CVE-2025-4632

CVSS 9.8v3.1pub. 2025-05-13upd. 2025-11-03

Improper limitation of a pathname to a restricted directory vulnerability in Samsung MagicINFO 9 Server version before 21.1052 allows attackers to write arbitrary file as system authority.

🤖 AI Analysis
How it works

Samsung MagicINFO 9 Server does not properly enforce restrictions on file paths provided by users, which enables directory traversal (path traversal). An attacker, without any authentication, can send a crafted network request pointing to any location in the server's file system. As a result, it is possible to write arbitrary content at any location in the file system with system account privileges (SYSTEM authority).

Impact

An attacker can write arbitrary files with system privileges, which in practice enables remote takeover of full server control — for example through uploading a webshell, overwriting configuration or binary files. It is possible to obtain full access to system resources, violate data confidentiality and integrity, and achieve persistent server takeover.

Mitigation & patch

Samsung MagicINFO 9 Server must be immediately updated to version 21.1052 or newer in accordance with vendor information available at: https://security.samsungtv.com/securityUpdates#SVP-MAY-2025. Until the patch is deployed, it is recommended to restrict network access to the MagicINFO server only to trusted hosts and monitor logs for suspicious requests containing path traversal sequences.

Who is affected

Samsung MagicINFO 9 Server in versions prior to 21.1052

Analysis generated by Claude AI (Anthropic) based on NVD data. Always verify with vendor.
CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
  • Samsung Magicinfo 9 Server

    APP
    Samsung
    < 21.1052.0

CISA KEV — detailsi

Vendori
Samsung
Producti
MagicINFO 9 Server
Added to KEVi
May 22, 2025
Remediation deadline (US Federal)i
June 12, 2025(overdue)
Required action (CISA)i

Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.

CISA descriptioni

Samsung MagicINFO 9 Server contains a path traversal vulnerability that allows an attacker to write arbitrary file as system authority.

🔴
IMMEDIATE ACTION
Actively exploited in the wild (CISA KEV). Patch immediately.
CISA DEADLINE: 12 czerwca 2025
Tags
Path Traversal
CWE
References

Related vulnerabilities

CVE-2026-25202CRITICAL9.8PL ✓ten sam produkt

Zakodowane na stałe dane logowania do bazy danych w Samsung MagicINFO 9 Server

CVE-2026-25200CRITICAL9.8PL ✓ten sam produkt

Samsung MagicINFO 9 Server — Stored XSS przez upload plików HTML

CVE-2025-54443CRITICAL9.8PL ✓ten sam produkt

Path Traversal w Samsung MagicINFO 9 Server umożliwia upload Web Shell

CVE-2025-54438CRITICAL9.8PL ✓ten sam produkt

Path Traversal w Samsung MagicINFO 9 Server umożliwia wgranie web shell

CVE-2025-54440CRITICAL9.8PL ✓ten sam produkt

Samsung MagicINFO 9 Server — nieograniczony upload pliku umożliwia Code Injection