Improper Pathname Limitation in Samsung MagicINFO 9 Server
CVE-2025-4632

9.8CRITICAL

Key Information:

Vendor

Samsung Electronics

Status
Magicinfo 9 Server
Vendor
CVE Published:
13 May 2025

Badges

📈 Score: 421💰 Ransomware👾 Exploit Exists🟣 EPSS 46%🦅 CISA Reported📰 News Worthy

What is CVE-2025-4632?

CVE-2025-4632 is a significant vulnerability identified in the Samsung MagicINFO 9 Server, a product designed for content management and digital signage solutions. This software facilitates the management and distribution of multimedia content across various display devices. The vulnerability arises from an improper limitation of pathname access, allowing attackers with sufficient privilege to write arbitrary files to restricted directories. This flaw can be exploited to gain elevated system privileges, jeopardizing the integrity and security of the system. Organizations using Samsung MagicINFO 9 Server could face critical disruptions in their operations, data breaches, or unauthorized system control due to this vulnerability.

Potential impact of CVE-2025-4632

  1. Unauthorized Access and Control: Attackers can exploit this vulnerability to gain elevated privileges, asserting control over the server and potentially leading to system compromise.

  2. Data Breaches: The ability to write arbitrary files could enable malicious actors to manipulate or exfiltrate sensitive data, leading to significant data integrity issues and privacy concerns.

  3. Operational Disruption: Exploiting this vulnerability can cause operational disruptions, resulting in downtime for digital signage platforms, which may affect business continuity and overall service delivery.

CISA has reported CVE-2025-4632

CISA provides regional cyber and physical services to support security and resilience across the United States. CISA monitor the most dangerious vulnerabilities and have identifed CVE-2025-4632 as being exploited but is not known by the CISA to be used in ransomware campaigns. This is subject to change at pace as recent news articles suggest the vulnerability is being used by ransomware groups.

The CISA's recommendation is: Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.

Affected Version(s)

MagicINFO 9 Server 0 < 21.1052

News Articles

favicon imageCISA (.gov)

CISA Adds One Known Exploited Vulnerability to Catalog | CISA

CVE-2025-4632(link is external) Samsung MagicINFO 9 Server Path Traversal Vulnerability  These types of vulnerabilities are frequent attack vectors for malicious cyber actors and pose significant risks to...

Attackers Target Samsung MagicINFO Server Bug, Patch Now

CVE-2025-4632, a patch bypass for a Samsung MagicInfo 9 Server vulnerability disclosed last year, has been exploited by threat actors in the wild.

favicon imageHelp Net Security

Samsung patches MagicINFO 9 Server vulnerability exploited by attackers - Help Net Security

Companies using Samsung MagicINFO 9 should upgrade to the latest available version to fix a vulnerability exploited by attackers in the wild.

References

https://security.samsungtv.com/securityUpdates#SVP-MAY-2025

EPSS Score

46% chance of being exploited in the next 30 days.

CVSS V3.1

Score:
9.8
Severity:
CRITICAL
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
None
Scope:
Unchanged

Timeline

  • 🦅

    CISA Reported

  • 💰

    Used in Ransomware

  • 👾

    Exploit known to exist

  • 📰

    First article discovered by The Hacker News

  • Vulnerability published

  • Vulnerability Reserved

.