CVE-2025-4632

Published May 13, 2025

Last updated 18 days ago

Overview

AI description

Automated description summarized from trusted sources.

CVE-2025-4632 is a path traversal vulnerability affecting Samsung MagicINFO 9 Server versions before 21.1052. The vulnerability stems from an improper limitation of a pathname to a restricted directory, which allows attackers to write arbitrary files with system authority. This can lead to remote code execution if specially crafted JavaServer Pages (JSP) files are uploaded. The vulnerability has been actively exploited in the wild and is considered a patch bypass for CVE-2024-7399, another path traversal flaw in the same product. Exploitation of CVE-2025-4632 has been linked to the deployment of the Mirai botnet in some instances. Samsung has released software updates to address this vulnerability.

Description: Improper limitation of a pathname to a restricted directory vulnerability in Samsung MagicINFO 9 Server version before 21.1052 allows attackers to write arbitrary file as system authority.
Source: PSIRT@samsung.com
NVD status: Analyzed

Risk scores

CVSS 3.1

Type: Primary
Base score: 9.8
Impact score: 5.9
Exploitability score: 3.9
Vector string: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Severity: CRITICAL

Known exploits

Data from CISA

Vulnerability name: Samsung MagicINFO 9 Server Path Traversal Vulnerability
Exploit added on: May 22, 2025
Exploit action due: Jun 12, 2025
Required action: Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.

Weaknesses

PSIRT@samsung.com: CWE-22
nvd@nist.gov: CWE-22

Social media

Hype score: Not currently trending
  1. We identified exploitation of CVE-2025-4632, a vulnerability impacting Samsung MagicINFO 9 servers resulting in the deployment of AnyDesk and XMRig by threat actors. Blog included below, shout out to @p3bt3b for his hard work! https://t.co/saM6uK4ScW #ThreatHunting #DFIR https:

    @YungBinary, 5 Jun 2025 (313 Impressions, 2 Retweets, 9 Likes, 1 Bookmark, 1 Reply, 0 Quotes)

  2. 🚨 Samsung fixes a critical flaw (CVE-2025-4632, CVSS 9.8) in MagicINFO 9, exploited to deploy the Mirai botnet. ➡️ Path traversal vulnerability 🔧 Update to v21.1052 without delay! #cybersec #Mirai #Samsung 🔗 https://t.co/pmDVa4wrK8

    @Guardia_School, 2 Jun 2025 (73 Impressions, 0 Retweets, 1 Like, 0 Bookmarks, 0 Replies, 0 Quotes)

  3. CISA added CVE-2025-4632, a path traversal vulnerability in Samsung MagicINFO 9 Server, to its Known Exploited Vulnerabilities Catalog. This flaw allows attackers to write arbitrary files with system authority. #CyberSecurity #CISA #VulnerabilityManagement https://t.co/x0JFbvNApY

    @MainNerve, 31 May 2025 (52 Impressions, 0 Retweets, 0 Likes, 2 Bookmarks, 0 Replies, 0 Quotes)

  4. #threatreport #MediumCompleteness When Samsung's Magic Turns Tragic: A Tale of Unauthorized Mining | 30-05-2025 Source: https://t.co/MjstkeAafJ Key details below ↓ 💀Threats: Xmrig_miner, Anydesk_tool, Lolbin_technique, Disabling_antivirus_technique, 🔓CVEs: CVE-2025-4632

    @rst_cloud, 30 May 2025 (118 Impressions, 1 Retweet, 0 Likes, 0 Bookmarks, 1 Reply, 0 Quotes)

  5. eSentire recently released their Insights into #CVE-2025-4632 (Samsung MagicINFO 9 Server vulnerability) exploited for Cryptomining #XMR and RCE. Orgs should ensure they are patched and avoid unnecessary internet exposure. https://t.co/jfW4FXGNci

    @p3bt3b, 30 May 2025 (341 Impressions, 4 Retweets, 6 Likes, 0 Bookmarks, 0 Replies, 0 Quotes)

  6. In May 2025, attackers exploited CVE-2025-4632 in Samsung MagicINFO 9 Server, enabling remote code execution, deploying a cryptominer via XMRig, and gaining persistence with AnyDesk. Stay vigilant! ⚠️ #Samsung #Cryptominer #Australia https://t.co/k5noUyOd7p

    @TweetThreatNews, 30 May 2025 (17 Impressions, 0 Retweets, 0 Likes, 0 Bookmarks, 0 Replies, 0 Quotes)

  7. Ransomware at MathWorks, attacks on Commvault and targeted cloud campaigns Cybersecurity, cloud attacks, cisa, Commvault Metallic, CVE-2025-4632, ICS, MathWorks, Microsoft Hyper-V bug, payroll, PHISHING, Ransomware, SaaS, Samsung MagicINFO, seo https://t.co/wCLIo236V7 htt

    @matricedigitale, 27 May 2025 (145 Impressions, 0 Retweets, 0 Likes, 0 Bookmarks, 0 Replies, 0 Quotes)

  8. Latest Known Exploited Vulnerabilities (#KEV) : #CVE-2025-4632 #Samsung MagicINFO 9 Server Path Traversal Vulnerability https://t.co/X7vAnxPoa9

    @ScyScan, 23 May 2025 (90 Impressions, 0 Retweets, 0 Likes, 0 Bookmarks, 0 Replies, 0 Quotes)

  9. 🚨 CVE Alert: Samsung MagicINFO 9 Server Path Traversal Vulnerability Exploited In The Wild🚨 Vulnerability Details: CVE-2025-4632 (CVSS 9.8/10) Samsung MagicINFO 9 Server Path Traversal Vulnerability Impact: A successful exploit may allow an attacker to write arbitrary fi

    @CyberxtronTech, 23 May 2025 (55 Impressions, 0 Retweets, 1 Like, 0 Bookmarks, 0 Replies, 0 Quotes)

  10. 🛡️ We added Samsung MagicINFO 9 Server path traversal vulnerability CVE-2025-4632 to our Known Exploited Vulnerabilities Catalog. Visit https://t.co/myxOwap1Tf & apply mitigations to protect your org from cyberattacks. #Cybersecurity #InfoSec https://t.co/rPyBPezSZu

    @CISACyber, 22 May 2025 (4611 Impressions, 10 Retweets, 17 Likes, 1 Bookmark, 1 Reply, 0 Quotes)

  11. Actively exploited CVE : CVE-2025-4632

    @transilienceai, 19 May 2025 (9 Impressions, 0 Retweets, 0 Likes, 0 Bookmarks, 1 Reply, 0 Quotes)

  12. CVE-2025-4632 (CVSS:9.8, CRITICAL) is Awaiting Analysis. Improper limitation of a pathname to a restricted directory vulnerability in Samsung MagicINFO 9 Server version before 2..https://t.co/Aa07sbLDNP #cybersecurityawareness #cybersecurity #CVE #infosec #hacker #nvd #mitre

    @cracbot, 18 May 2025 (3 Impressions, 0 Retweets, 0 Likes, 0 Bookmarks, 0 Replies, 0 Quotes)

  13. Actively exploited CVE : CVE-2025-4632

    @transilienceai, 18 May 2025 (7 Impressions, 0 Retweets, 0 Likes, 0 Bookmarks, 1 Reply, 0 Quotes)

  14. Actively exploited CVE : CVE-2025-4632

    @transilienceai, 17 May 2025 (5 Impressions, 0 Retweets, 0 Likes, 0 Bookmarks, 1 Reply, 0 Quotes)

  15. Actively exploited CVE : CVE-2025-4632

    @transilienceai, 17 May 2025 (11 Impressions, 0 Retweets, 0 Likes, 0 Bookmarks, 1 Reply, 0 Quotes)

  16. Actively exploited CVE : CVE-2025-4632

    @transilienceai, 16 May 2025 (6 Impressions, 0 Retweets, 0 Likes, 0 Bookmarks, 1 Reply, 0 Quotes)

  17. csirt_it: ‼️ #Samsung: active exploitation in the wild detected for the vulnerability CVE-2025-4632 in the server component of #MagicINFO9 Risk: 🔴 Type: 🔸 Arbitrary File Write 🔗 https://t.co/1B7QLgRQXs ⚠ Important to update the prod… https://t.

    @Vulcanux_, 16 May 2025 (15 Impressions, 0 Retweets, 0 Likes, 0 Bookmarks, 0 Replies, 0 Quotes)

  18. Actively exploited CVE : CVE-2025-4632

    @transilienceai, 16 May 2025 (12 Impressions, 0 Retweets, 0 Likes, 0 Bookmarks, 1 Reply, 0 Quotes)

  19. Samsung has released software updates to address a critical security flaw in MagicINFO 9 Server that has been actively exploited in the wild. The vulnerability, tracked as CVE-2025-4632 (CVSS score: 9.8). https://t.co/liNOhCDso0 https://t.co/CFNdaR7s8r

    @riskigy, 15 May 2025 (0 Impressions, 0 Retweets, 0 Likes, 0 Bookmarks, 0 Replies, 0 Quotes)

  20. ⚠️ Samsung Fixes Critical MagicINFO Exploit Used in Botnet Attacks CVE-2025-4632 lets hackers write files as system user—already abused for Mirai botnet. Patch to v21.1052.0 now. https://t.co/4VB2CplFhV #Samsung #CyberSecurity #Infosec https://t.co/BTnhLp32K7

    @dCypherIO, 15 May 2025 (29 Impressions, 0 Retweets, 1 Like, 0 Bookmarks, 1 Reply, 0 Quotes)

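  21. [Caution] Samsung CMS server (MagicINFO) vulnerability (CVE-2025-4632) * Path traversal vulnerability (CVE-2025-4632) overview - Arbitrary files can be created with system privileges after bypassing the restricted directory - Severity (CVSS): 9.8 - Affected versions: MagicINFO 9 (21.1052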

    @virusmyths, 15 May 2025 (25 Impressions, 0 Retweets, 0 Likes, 0 Bookmarks, 0 Replies, 0 Quotes)

  22. 🚨 Samsung Patches CVE-2025-4632 🔓 Vulnerability in MagicINFO 9 exploited to deliver Mirai Botnet 📡 Targets: Digital signage & remote management tools 🛠️ Remote Code Execution — widespread risk ✅ Patch now to block ongoing botnet activity #CyberSecurity #Sams

    @SecurEpitome, 15 May 2025 (43 Impressions, 0 Retweets, 0 Likes, 0 Bookmarks, 0 Replies, 0 Quotes)

  23. Samsung fixes CVE-2025-4632, used to deploy the Mirai botnet by exploiting a MagicINFO 9 vulnerability https://t.co/ez0PYvt62X #Security #セキュリティ #ニュース

    @SecureShield_, 15 May 2025 (28 Impressions, 0 Retweets, 0 Likes, 0 Bookmarks, 0 Replies, 0 Quotes)

  24. Samsung Patches CVE-2025-4632 Used to Deploy Mirai Botnet via MagicINFO 9 Exploit https://t.co/tbpSGXFHFk https://t.co/KJ5RiB3FkX

    @TonyBeeTweets, 14 May 2025 (19 Impressions, 0 Retweets, 0 Likes, 0 Bookmarks, 0 Replies, 0 Quotes)

  25. Samsung Patches CVE-2025-4632 Used to Deploy Mirai Botnet via MagicINFO 9 Exploit https://t.co/REvOMb5Ned

    @Dinosn, 14 May 2025 (2847 Impressions, 11 Retweets, 46 Likes, 11 Bookmarks, 0 Replies, 0 Quotes)

  26. Samsung patches CVE-2025-4632 used to deploy Mirai Botnet via MagicINFO 9 exploit https://t.co/ZfcWODURcY

    @sabatage, 14 May 2025 (162 Impressions, 0 Retweets, 1 Like, 0 Bookmarks, 1 Reply, 0 Quotes)

  27. 📌 Samsung has released software updates to close a serious security vulnerability in MagicINFO 9 Server that was exploited in attacks. The vulnerability CVE-2025-4632, which scored 9.8 on the CVSS scale, is known as a flaw in bypassing the

    @Cybercachear, 14 May 2025 (5 Impressions, 0 Retweets, 0 Likes, 0 Bookmarks, 0 Replies, 0 Quotes)

  28. 📍Samsung Patches CVE-2025-4632 Used to Deploy Mirai Botnet via MagicINFO 9 Exploit https://t.co/fEzkL1RIWZ

    @cyberetweet, 14 May 2025 (23 Impressions, 0 Retweets, 0 Likes, 0 Bookmarks, 0 Replies, 0 Quotes)

  29. 🛑 Actively Exploited Samsung Flaw Hits Critical Alert! PoC dropped. Exploits followed fast. A 9.8 CVSS bug in Samsung’s MagicINFO 9 Server (CVE-2025-4632) is being used in the wild—even to deploy Mirai malware. Read → https://t.co/Wd53OAVf3f... https://t.co/jZjjwoCS4j

    @IT_news_for_all, 14 May 2025 (49 Impressions, 0 Retweets, 1 Like, 0 Bookmarks, 0 Replies, 0 Quotes)

  30. 🛑 Actively Exploited Samsung Flaw Hits Critical Alert! PoC dropped. Exploits followed fast. A 9.8 CVSS bug in Samsung’s MagicINFO 9 Server (CVE-2025-4632) is being used in the wild—even to deploy Mirai malware. Read → https://t.co/aZWrqjBSiJ

    @TheHackersNews, 14 May 2025 (10178 Impressions, 32 Retweets, 67 Likes, 8 Bookmarks, 1 Reply, 2 Quotes)

  31. ⚡️The vulnerability details are now available: https://t.co/mtaEexvGV3 🚨🚨CVE-2025-4632 (CVSS 9.8) hits Samsung's MagicINFO Server! Attackers can sneak in and write files as SYSTEM, possibly taking over the whole server with remote code execution. MagicINFO is the bra

    @zoomeye_team, 14 May 2025 (341 Impressions, 0 Retweets, 1 Like, 1 Bookmark, 0 Replies, 0 Quotes)

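  32. A critical vulnerability (CVE-2025-4632) has been found in Samsung's digital signage management software "MagicINFO 9 Server". Versions before 21.1052 are affected; without authentication, arbitrary files can be written and code executed with system privileges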

    @yousukezan, 14 May 2025 (693 Impressions, 0 Retweets, 3 Likes, 0 Bookmarks, 0 Replies, 0 Quotes)

  33. [CVE-2025-4632: CRITICAL] Vulnerability in Samsung MagicINFO 9 Server allows attackers to write files with system authority due to improper directory restrictions. #cybersecurity#cve,CVE-2025-4632,#cybersecurity https://t.co/f7Q3GPvuA0 https://t.co/0TKk9JdxNd

    @CveFindCom, 13 May 2025 (48 Impressions, 0 Retweets, 0 Likes, 0 Bookmarks, 0 Replies, 0 Quotes)
