Improper XML Entity Handling in Samsung MagicINFO Server
CVE-2025-54445

8.2HIGH

Key Information:

Vendor: Samsung Electronics
Status: Magicinfo 9 Server
Vendor: CVE Published:; 23 July 2025

🔔 Create Samsung Electronics Vulnerability Alert

What is CVE-2025-54445?

The vulnerability in Samsung Electronics' MagicINFO 9 Server is due to improper handling of XML External Entity references, which can lead to Server Side Request Forgery (SSRF). This can allow attackers to send unauthorized requests from the server, potentially compromising sensitive data and internal services. Affected versions include MagicINFO 9 Server prior to 21.1080.0. Organizations using this software should promptly apply security updates to mitigate associated risks.

Affected Version(s)

MagicINFO 9 Server 21.1080.0

References

https://security.samsungtv.com/securityUpdates

CVSS V3.1

Score:

8.2

Severity:

HIGH

Confidentiality:

High

Integrity:

Low

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Jul 23, 2025
Vulnerability Reserved
Jul 22, 2025