What is the CVSS score of CVE-2025-4632?

CVE-2025-4632 has a CVSS 3.1 base score of 9.8 (Critical). CVSS vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H. EPSS exploitation probability: 49.2%.

Which versions of Magicinfo 9 Server are affected by CVE-2025-4632?

Organizations using Samsung MagicINFO 9 Server face critical risk from CVE-2025-4632, a path traversal vulnerability rated CVSS 9.8.. A patch is available.

Is CVE-2025-4632 being actively exploited?

Yes, CVE-2025-4632 is listed in the CISA Known Exploited Vulnerabilities (KEV) catalog, confirming active in-the-wild exploitation. Immediate patching is required.

How to fix or mitigate CVE-2025-4632?

Within 24 hours: Identify all affected systems running Samsung MagicINFO 9 Server and apply vendor patches immediately. Review file handling controls and restrict upload directories.

Magicinfo 9 Server CVE-2025-4632

CRITICAL

Path Traversal (CWE-22)

2025-05-13 PSIRT@samsung.com

Path Traversal Samsung Magicinfo 9 Server

9.8

CVSS 3.1

CVSS VectorNVD

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Attack Vector

Network

Attack Complexity

Low

Privileges Required

None

User Interaction

None

Scope

Unchanged

Confidentiality

High

Integrity

High

Availability

High

Lifecycle Timeline

Analysis Generated

Mar 28, 2026 - 18:41 vuln.today

Patch released

Mar 28, 2026 - 18:41 nvd

Patch available

Added to CISA KEV

Nov 03, 2025 - 18:58 cisa

CISA KEV

CVE Published

May 13, 2025 - 06:15 nvd

CRITICAL 9.8

DescriptionNVD

Improper limitation of a pathname to a restricted directory vulnerability in Samsung MagicINFO 9 Server version before 21.1052 allows attackers to write arbitrary file as system authority.

AnalysisAI

Samsung MagicINFO 9 Server contains a path traversal vulnerability allowing unauthenticated attackers to write arbitrary files as SYSTEM authority, enabling complete server compromise.

Technical ContextAI

The CWE-22 improper path limitation allows writing files to arbitrary locations on the server filesystem. The write operation executes with SYSTEM authority, enabling creation of executable files in system directories.