CVE-2025-4632
Published May 13, 2025
Last updated 4 months ago
- Description
- Improper limitation of a pathname to a restricted directory vulnerability in Samsung MagicINFO 9 Server version before 21.1052 allows attackers to write arbitrary file as system authority.
- Source
- PSIRT@samsung.com
- NVD status
- Analyzed
- Products
- magicinfo_9_server
CVSS 3.1
- Type
- Primary
- Base score
- 9.8
- Impact score
- 5.9
- Exploitability score
- 3.9
- Vector string
- CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
- Severity
- CRITICAL
Data from CISA
- Vulnerability name
- Samsung MagicINFO 9 Server Path Traversal Vulnerability
- Exploit added on
- May 22, 2025
- Exploit action due
- Jun 12, 2025
- Required action
- Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.
- Hype score
- Not currently trending
Ni pa donde hacerse. Estatus actual: Apol: cagada malhecha, carísima, según da estatus, te espían hasta las nalgas. Gugle: te espia hasta las nalgas y quiere ser como apol. Sansun: según muy acá pero tiene a todos sus usuarios con el culo al aire con CVE-2025-4632. Motoronch
@CapibaraGDL
21 Sept 2025
581 Impressions
3 Retweets
16 Likes
0 Bookmarks
5 Replies
0 Quotes
Samsung Patches CVE-2025-4632 Used to Deploy Mirai Botnet via MagicINFO 9 Exploit #CISO https://t.co/m0sw4Js4RD https://t.co/Aje3mP3Hgx
@compuchris
24 Jul 2025
23 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
CVE-2025-4632: Improper limitation of a pathname to a restricted directory vulnerability in Samsung MagicINFO 9 Server version before 21.1052 allows attackers to write arbitrary file as system authority.
@ZeroDayFacts
9 Jul 2025
1 Impression
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
Check out the latest research from eSentire's TRU Team, including CVE-2025-4632 exploitation and a deep dive on DeerStealer malware 🦌 https://t.co/gMqCC7AEn2 https://t.co/2tAz7vF5XL
@esthreat
17 Jun 2025
348 Impressions
2 Retweets
7 Likes
2 Bookmarks
0 Replies
0 Quotes
🔴 #Samsung MagicINFO 9 Server, Path Traversal, #CVE-2025-4632 (Critical) https://t.co/E6J9pwBshv
@dailycve
16 Jun 2025
28 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
Samsung Patches CVE-2025-4632 Used to Deploy Mirai Botnet via MagicINFO 9 Exploit Samsung has released software updates to address a critical security flaw in MagicINFO 9 Server that has been actively exploited in the wild. The vulnerability, tracked a... https://t.co/Mx6j1es7fa
@SecurityAid
15 Jun 2025
35 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
We identified exploitation of CVE-2025-4632, a vulnerability impacting Samsung MagicINFO 9 servers resulting in the deployment of AnyDesk and XMRig by threat actors. Blog included below, shout out to @p3bt3b for his hard work! https://t.co/saM6uK4ScW #ThreatHunting #DFIR https:
@YungBinary
5 Jun 2025
313 Impressions
2 Retweets
9 Likes
1 Bookmark
1 Reply
0 Quotes
🚨 Samsung corrige une faille critique (CVE-2025-4632, CVSS 9.8) dans MagicINFO 9, exploitée pour déployer le botnet Mirai. ➡️ Vuln de type path traversal 🔧 Mettez à jour vers la v21.1052 sans tarder ! #cybersec #Mirai #Samsung 🔗 https://t.co/pmDVa4wrK8
@Guardia_School
2 Jun 2025
73 Impressions
0 Retweets
1 Like
0 Bookmarks
0 Replies
0 Quotes
CISA added CVE-2025-4632, a path traversal vulnerability in Samsung MagicINFO 9 Server, to its Known Exploited Vulnerabilities Catalog. This flaw allows attackers to write arbitrary files with system authority. #CyberSecurity #CISA #VulnerabilityManagement https://t.co/x0JFbvNApY
@MainNerve
31 May 2025
52 Impressions
0 Retweets
0 Likes
2 Bookmarks
0 Replies
0 Quotes
#threatreport #MediumCompleteness When Samsung's Magic Turns Tragic: A Tale of Unauthorized Mining | 30-05-2025 Source: https://t.co/MjstkeAafJ Key details below ↓ 💀Threats: Xmrig_miner, Anydesk_tool, Lolbin_technique, Disabling_antivirus_technique, 🔓CVEs: CVE-2025-4632
@rst_cloud
30 May 2025
118 Impressions
1 Retweet
0 Likes
0 Bookmarks
1 Reply
0 Quotes
eSentire recently released their Insights into #CVE-2025-4632 (Samsung MagicINFO 9 Server vulnerability) exploited for Cryptomining #XMR and RCE. Orgs should ensure they are patched and avoid unnecessary internet exposure. https://t.co/jfW4FXGNci
@p3bt3b
30 May 2025
341 Impressions
4 Retweets
6 Likes
0 Bookmarks
0 Replies
0 Quotes
In May 2025, attackers exploited CVE-2025-4632 in Samsung MagicINFO 9 Server, enabling remote code execution, deploying a cryptominer via XMRig, and gaining persistence with AnyDesk. Stay vigilant! ⚠️ #Samsung #Cryptominer #Australia https://t.co/k5noUyOd7p
@TweetThreatNews
30 May 2025
17 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
Ransomware su MathWorks, attacchi a Commvault e campagne mirate sul cloud Sicurezza Informatica, attacchi cloud, cisa, Commvault Metallic, CVE-2025-4632, ICS, MathWorks, Microsoft Hyper-V bug, payroll, PHISHING, Ransomware, SaaS, Samsung MagicINFO, seo https://t.co/wCLIo236V7 htt
@matricedigitale
27 May 2025
145 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
Latest Known Exploited Vulnerabilities (#KEV) : #CVE-2025-4632 #Samsung MagicINFO 9 Server Path Traversal Vulnerability https://t.co/X7vAnxPoa9
@ScyScan
23 May 2025
90 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
🚨 CVE Alert: Samsung MagicINFO 9 Server Path Traversal Vulnerability Exploited In The Wild🚨 Vulnerability Details: CVE-2025-4632 (CVSS 9.8/10) Samsung MagicINFO 9 Server Path Traversal Vulnerability Impact: A successful exploit may allows an attacker to write arbitrary fi
@CyberxtronTech
23 May 2025
55 Impressions
0 Retweets
1 Like
0 Bookmarks
0 Replies
0 Quotes
🛡️ We added Samsung MagicINFO 9 Server path traversal vulnerability CVE-2025-4632 to our Known Exploited Vulnerabilities Catalog. Visit https://t.co/myxOwap1Tf & apply mitigations to protect your org from cyberattacks. #Cybersecurity #InfoSec https://t.co/rPyBPezSZu
@CISACyber
22 May 2025
4611 Impressions
10 Retweets
17 Likes
1 Bookmark
1 Reply
0 Quotes
Actively exploited CVE : CVE-2025-4632
@transilienceai
19 May 2025
9 Impressions
0 Retweets
0 Likes
0 Bookmarks
1 Reply
0 Quotes
CVE-2025-4632 (CVSS:9.8, CRITICAL) is Awaiting Analysis. Improper limitation of a pathname to a restricted directory vulnerability in Samsung MagicINFO 9 Server version before 2..https://t.co/Aa07sbLDNP #cybersecurityawareness #cybersecurity #CVE #infosec #hacker #nvd #mitre
@cracbot
18 May 2025
3 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
Actively exploited CVE : CVE-2025-4632
@transilienceai
18 May 2025
7 Impressions
0 Retweets
0 Likes
0 Bookmarks
1 Reply
0 Quotes
Actively exploited CVE : CVE-2025-4632
@transilienceai
17 May 2025
5 Impressions
0 Retweets
0 Likes
0 Bookmarks
1 Reply
0 Quotes
Actively exploited CVE : CVE-2025-4632
@transilienceai
17 May 2025
11 Impressions
0 Retweets
0 Likes
0 Bookmarks
1 Reply
0 Quotes
Actively exploited CVE : CVE-2025-4632
@transilienceai
16 May 2025
6 Impressions
0 Retweets
0 Likes
0 Bookmarks
1 Reply
0 Quotes
csirt_it: ‼️ #Samsung: rilevato lo sfruttamento attivo in rete della vulnerabilità CVE-2025-4632 presente nella componente server di #MagicINFO9 Rischio: 🔴 Tipologia: 🔸 Arbitrary File Write 🔗 https://t.co/1B7QLgRQXs ⚠ Importante aggiornare i prod… https://t.
@Vulcanux_
16 May 2025
15 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
Actively exploited CVE : CVE-2025-4632
@transilienceai
16 May 2025
12 Impressions
0 Retweets
0 Likes
0 Bookmarks
1 Reply
0 Quotes
Samsung has released software updates to address a critical security flaw in MagicINFO 9 Server that has been actively exploited in the wild. The vulnerability, tracked as CVE-2025-4632 (CVSS score: 9.8). https://t.co/liNOhCDso0 https://t.co/CFNdaR7s8r
@riskigy
15 May 2025
0 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
⚠️ Samsung Fixes Critical MagicINFO Exploit Used in Botnet Attacks CVE-2025-4632 lets hackers write files as system user—already abused for Mirai botnet. Patch to v21.1052.0 now. https://t.co/4VB2CplFhV #Samsung #CyberSecurity #Infosec https://t.co/BTnhLp32K7
@dCypherIO
15 May 2025
29 Impressions
0 Retweets
1 Like
0 Bookmarks
1 Reply
0 Quotes
[주의] 삼성 CMS 서버(MagicINFO) 취약점(CVE-2025-4632) * path traversal 취약점(CVE-2025-4632) 개요 - 제한된 디렉토리 우회 후 시스템 권한으로 임의 파일 생성 가능 - 위험도(CVSS) : 9.8 - 영향을 받는 버전 : MagicINFO 9 (21.1052
@virusmyths
15 May 2025
25 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
🚨 Samsung Patches CVE-2025-4632 🔓 Vulnerability in MagicINFO 9 exploited to deliver Mirai Botnet 📡 Targets: Digital signage & remote management tools 🛠️ Remote Code Execution — widespread risk ✅ Patch now to block ongoing botnet activity #CyberSecurity #Sams
@SecurEpitome
15 May 2025
43 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
サムスン、MagicINFO 9の脆弱性を利用したMiraiボットネットの展開に使用されたCVE-2025-4632を修正 https://t.co/ez0PYvt62X #Security #セキュリティ #ニュース
@SecureShield_
15 May 2025
28 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
Samsung Patches CVE-2025-4632 Used to Deploy Mirai Botnet via MagicINFO 9 Exploit https://t.co/tbpSGXFHFk https://t.co/KJ5RiB3FkX
@TonyBeeTweets
14 May 2025
19 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
Samsung Patches CVE-2025-4632 Used to Deploy Mirai Botnet via MagicINFO 9 Exploit https://t.co/REvOMb5Ned
@Dinosn
14 May 2025
2847 Impressions
11 Retweets
46 Likes
11 Bookmarks
0 Replies
0 Quotes
Samsung patches CVE-2025-4632 used to deploy Mirai Botnet via MagicINFO 9 exploit https://t.co/ZfcWODURcY
@sabatage
14 May 2025
162 Impressions
0 Retweets
1 Like
0 Bookmarks
1 Reply
0 Quotes
📌 أصدرت سامسونج تحديثات برمجية لسد ثغرة أمنية خطيرة في خادم MagicINFO 9، تم استغلالها في هجمات. الثغرة CVE-2025-4632، والتي سجلت 9.8 على مؤشر CVSS، تُعرف كعيب في تخطي ال
@Cybercachear
14 May 2025
5 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
📍Samsung Patches CVE-2025-4632 Used to Deploy Mirai Botnet via MagicINFO 9 Exploit https://t.co/fEzkL1RIWZ
@cyberetweet
14 May 2025
23 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
🛑 Actively Exploited Samsung Flaw Hits Critical Alert! PoC dropped. Exploits followed fast. A 9.8 CVSS bug in Samsung’s MagicINFO 9 Server (CVE-2025-4632) is being used in the wild—even to deploy Mirai malware. Read → https://t.co/Wd53OAVf3f... https://t.co/jZjjwoCS4j
@IT_news_for_all
14 May 2025
49 Impressions
0 Retweets
1 Like
0 Bookmarks
0 Replies
0 Quotes
🛑 Actively Exploited Samsung Flaw Hits Critical Alert! PoC dropped. Exploits followed fast. A 9.8 CVSS bug in Samsung’s MagicINFO 9 Server (CVE-2025-4632) is being used in the wild—even to deploy Mirai malware. Read → https://t.co/aZWrqjBSiJ
@TheHackersNews
14 May 2025
10178 Impressions
32 Retweets
67 Likes
8 Bookmarks
1 Reply
2 Quotes
⚡️The vulnerability details are now available: https://t.co/mtaEexvGV3 🚨🚨CVE-2025-4632 (CVSS 9.8) hits Samsung's MagicINFO Server! Attackers can sneak in and write files as SYSTEM, possibly taking over the whole server with remote code execution. MagicINFO is the bra
@zoomeye_team
14 May 2025
341 Impressions
0 Retweets
1 Like
1 Bookmark
0 Replies
0 Quotes
Samsungのデジタルサイネージ管理ソフト「MagicINFO 9 Server」に、重大な脆弱性(CVE-2025-4632)が発見された。バージョン21.1052未満が対象で、認証なしに任意ファイルを書き込み、システム権限でコードを実行でき
@yousukezan
14 May 2025
693 Impressions
0 Retweets
3 Likes
0 Bookmarks
0 Replies
0 Quotes
[CVE-2025-4632: CRITICAL] Vulnerability in Samsung MagicINFO 9 Server allows attackers to write files with system authority due to improper directory restrictions. #cybersecurity#cve,CVE-2025-4632,#cybersecurity https://t.co/f7Q3GPvuA0 https://t.co/0TKk9JdxNd
@CveFindCom
13 May 2025
48 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
[
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:samsung:magicinfo_9_server:*:*:*:*:*:*:*:*",
"matchCriteriaId": "ADCE2BD5-315B-4F42-8BB9-A419B0C750A7",
"versionEndExcluding": "21.1052.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
]