CVE-2025-4632
In short
Samsung MagicINFO 9 Server has a path traversal flaw that lets attackers write files anywhere on the system with admin privileges. This is dangerous because attackers can install malware, modify critical system files, or take complete control of the server.
Technical detail
A CWE-22 path traversal vulnerability in Samsung MagicINFO 9 Server versions before 21.1052 permits attackers to bypass directory restrictions and write arbitrary files with system-level privileges. The attack vector is network-based with low attack complexity; successful exploitation enables arbitrary code execution and complete system compromise.
Summary generated and translated by AI from the official description.
Improper limitation of a pathname to a restricted directory vulnerability in Samsung MagicINFO 9 Server version before 21.1052 allows attackers to write arbitrary files as system authority.
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Affected products
Samsung Electronics · MagicINFO 9 Server
Public PoCs found — 2
github.com/digitalsurgn/CVE-2025-4632_POC (GitHub, ★ 1)
github.com/MantisToboggan-git/CVE-2025-4632-POC (GitHub, ★ 0)
⚠ Public resources, to assess the exposure of systems you control or are authorized to test. Test only with authorization.