What is the CVSS score of CVE-2025-57836?

CVE-2025-57836 has a CVSS 3.1 base score of 7.8 (High). CVSS vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H. EPSS exploitation probability: 0.0%.

Which versions of Windows are affected by CVE-2025-57836?

Organizations using Samsung Magician 6.3.0 face notable risk from CVE-2025-57836, a DLL hijacking vulnerability rated CVSS 7.8. Exploitation could compromise the security of affected deployments.

How to fix or mitigate CVE-2025-57836?

Within 7 days: Identify all affected systems running Samsung Magician 6.3.0 and apply vendor patches promptly. Monitor vendor channels for patch availability.

Windows CVE-2025-57836

HIGH

Uncontrolled Search Path Element (CWE-427)

2026-01-05 cve@mitre.org

Windows Samsung Magician

7.8

CVSS 3.1

CVSS VectorNVD

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Attack Vector

Local

Attack Complexity

Low

Privileges Required

Low

User Interaction

None

Scope

Unchanged

Confidentiality

High

Integrity

High

Availability

High

Lifecycle Timeline

Analysis Generated

Mar 12, 2026 - 21:54 vuln.today

CVE Published

Jan 05, 2026 - 17:15 nvd

HIGH 7.8

DescriptionNVD

An issue was discovered in Samsung Magician 6.3.0 through 8.3.2 on Windows. The installer creates a temporary folder with weak permissions during installation, allowing a non-admin user to perform DLL hijacking and escalate privileges.

AnalysisAI

Technical ContextAI

Classified as CWE-427 (Uncontrolled Search Path Element). Affects Magician. An issue was discovered in Samsung Magician 6.3.0 through 8.3.2 on Windows. The installer creates a temporary folder with weak permissions during installation, allowing a non-admin user to perform DLL hijacking and escalate privileges.