Code Injection Vulnerability in Samsung MagicINFO 9 Server
CVE-2025-54449

9.8CRITICAL

Key Information:

Vendor

Samsung Electronics

Status
Magicinfo 9 Server
Vendor
CVE Published:
23 July 2025

What is CVE-2025-54449?

An unrestricted file upload vulnerability in Samsung Electronics MagicINFO 9 Server has been identified, allowing attackers to upload dangerous types of files that can lead to code injection. This issue impacts versions prior to 21.1080.0, potentially compromising server integrity and enabling malicious activities.

Affected Version(s)

MagicINFO 9 Server 21.1080.0

References

https://security.samsungtv.com/securityUpdates

CVSS V3.1

Score:
9.8
Severity:
CRITICAL
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.