CVE-2025-4632

Severity: CRITICAL (CVSS 3.1 base score 9.8)
Published: 2025-05-13, source [email protected]

CVSS Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Attack Vector: Network
Attack Complexity: Low
Privileges Required: None
User Interaction: None
Scope: Unchanged
Confidentiality: High
Integrity: High
Availability: High

Lifecycle Timeline

Analysis Generated: Mar 28, 2026 - 18:41 (vuln.today)
Patch Released: Mar 28, 2026 - 18:41 (nvd), patch available
Added to CISA KEV: Nov 03, 2025 - 18:58 (cisa)
CVE Published: May 13, 2025 - 06:15 (nvd)

Description

Improper limitation of a pathname to a restricted directory vulnerability in Samsung MagicINFO 9 Server versions before 21.1052 allows attackers to write arbitrary files with SYSTEM authority.

Analysis

Samsung MagicINFO 9 Server contains a path traversal vulnerability that lets an unauthenticated, network-reachable attacker write arbitrary files with SYSTEM authority, which is sufficient for complete compromise of the server.

Technical Context

The flaw is a CWE-22 improper limitation of a pathname to a restricted directory: a client-supplied path is not confined to the intended directory, so the server can be made to write a file to an arbitrary location on its filesystem. Because the write is performed by the MagicINFO service with SYSTEM authority, the attacker can create executable files in system directories, and anything that later runs them does so with SYSTEM privileges. The CVSS vector (AV:N/PR:N/UI:N) reflects that no credentials and no user interaction are needed.

Affected Products

Samsung MagicINFO 9 Server, versions before 21.1052

Remediation

Update to version 21.1052 or later. Restrict network access to the MagicINFO management interfaces, since the issue is exploitable over the network without authentication. Scan the server for unauthorized or unexpected files: successful exploitation necessarily leaves a written file behind, so check system directories and any location the service can write to for files that do not belong to the installation.
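The CWE-22 write pattern described under Technical Context, and the remediation advice to scan for unauthorized files, as an added example. This is not Samsung MagicINFO code; the function names, the scratch layout (an uploads directory beside a web root) and the file contents are constructed for the demonstration. It shows the vulnerable join beside a hardened writer that canonicalizes and confines the target path, plus an allow-list scan that surfaces the dropped file.

```python
"""CWE-22 arbitrary file write: vulnerable join, hardened resolve, and a scan
for unexpected files.

Added example for this page; it is not Samsung MagicINFO code. The function
names, the scratch directory layout (uploads/ beside webroot/) and the file
contents are constructed for the demonstration.
"""
import os
import tempfile
from pathlib import Path


class PathTraversalError(ValueError):
    """Raised when a client-supplied name would leave the upload root."""


def _inside(path: Path, root: Path) -> bool:
    """True if the resolved path is root itself or lies beneath it."""
    try:
        path.resolve().relative_to(root.resolve())
        return True
    except ValueError:
        return False


def vulnerable_save(upload_root: str, client_name: str, data: bytes) -> str:
    """Vulnerable pattern (the CWE-22 shape): join the client name to the base
    directory and write, with no canonicalization. '../' segments, or an
    absolute name, move the write anywhere the service account can reach."""
    target = os.path.join(upload_root, client_name)
    os.makedirs(os.path.dirname(target), exist_ok=True)
    with open(target, "wb") as fh:
        fh.write(data)
    return target


def safe_save(upload_root: str, client_name: str, data: bytes) -> str:
    """Hardened form: keep the upload directory flat, reject separators and
    absolute names up front, then resolve the final path and require it to
    stay strictly beneath the resolved root before writing."""
    root = Path(upload_root).resolve()
    if (not client_name or os.path.isabs(client_name)
            or "/" in client_name or "\\" in client_name or "\x00" in client_name):
        raise PathTraversalError(f"rejected name: {client_name!r}")
    target = (root / client_name).resolve()
    # Post-resolution backstop: '.' resolves to the root itself and '..' to its
    # parent; neither is an acceptable write target.
    if target == root or not _inside(target, root):
        raise PathTraversalError(f"escapes upload root: {client_name!r}")
    with open(target, "wb") as fh:
        fh.write(data)
    return str(target)


def find_unexpected_files(directory: str, allowed_suffixes: set) -> list:
    """Post-incident scan: list files under directory whose suffix is not in
    the allow-list, as paths relative to directory. A dropped executable such
    as a .jsp in a static web root shows up here."""
    base = Path(directory)
    hits = []
    for path in base.rglob("*"):
        if path.is_file() and path.suffix.lower() not in allowed_suffixes:
            hits.append(str(path.relative_to(base)).replace(os.sep, "/"))
    return sorted(hits)


def demo() -> dict:
    """Exercise all three functions in a throwaway directory tree."""
    base = Path(tempfile.mkdtemp(prefix="cwe22-demo-"))
    uploads, webroot = base / "uploads", base / "webroot"
    uploads.mkdir()
    webroot.mkdir()
    (webroot / "index.html").write_bytes(b"<html></html>")  # legitimate file
    payload = b"<% /* constructed stand-in for dropped executable content */ %>"

    # 1. The vulnerable writer lands the file in the sibling web root.
    written = Path(vulnerable_save(str(uploads), "../webroot/dropped.jsp", payload))
    results = {"vulnerable_escaped_root": not _inside(written, uploads)}

    # 2. The hardened writer refuses traversal, absolute, '..' and '.' names.
    blocked = 0
    for name in ("../webroot/dropped2.jsp", str(webroot / "x.jsp"), "..", "."):
        try:
            safe_save(str(uploads), name, payload)
        except PathTraversalError:
            blocked += 1
    results["safe_blocked_count"] = blocked

    # 3. A benign name still works and stays inside the upload root.
    ok = Path(safe_save(str(uploads), "poster.png", b"\x89PNG"))
    results["safe_stayed_in_root"] = ok.parent == uploads.resolve()

    # 4. The scan reports the dropped file and ignores the legitimate one.
    results["unexpected_in_webroot"] = find_unexpected_files(
        str(webroot), {".html", ".css", ".js"})
    return results


if __name__ == "__main__":
    print(demo())
```

The up-front rejection of separators handles the common case cheaply; the post-resolution check against the resolved root is the actual security boundary, because it also catches drive-relative names and symlinked upload directories that a string filter would miss. The scan is deliberately simple (suffix allow-list); in a real response you would also key on modification time and on the service account that owns the file.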

Priority Score

148 (Critical)

KEV: +50
EPSS: +49.2
CVSS: +49
POC: 0


CVE-2025-4632 vulnerability details – vuln.today
