CVE-2025-4632
Published May 13, 2025
Last updated 18 days ago
AI description
CVE-2025-4632 is a path traversal vulnerability affecting Samsung MagicINFO 9 Server versions before 21.1052. The vulnerability stems from an improper limitation of a pathname to a restricted directory, which allows attackers to write arbitrary files with system authority. This can lead to remote code execution if specially crafted JavaServer Pages (JSP) files are uploaded. The vulnerability has been actively exploited in the wild and is considered a patch bypass for CVE-2024-7399, another path traversal flaw in the same product. Exploitation of CVE-2025-4632 has been linked to the deployment of the Mirai botnet in some instances. Samsung has released software updates to address this vulnerability.
- Description
- Improper limitation of a pathname to a restricted directory vulnerability in Samsung MagicINFO 9 Server version before 21.1052 allows attackers to write arbitrary file as system authority.
- Source
- PSIRT@samsung.com
- NVD status
- Analyzed
CVSS 3.1
- Type
- Primary
- Base score
- 9.8
- Impact score
- 5.9
- Exploitability score
- 3.9
- Vector string
- CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
- Severity
- CRITICAL
Data from CISA
- Vulnerability name
- Samsung MagicINFO 9 Server Path Traversal Vulnerability
- Exploit added on
- May 22, 2025
- Exploit action due
- Jun 12, 2025
- Required action
- Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.
- Hype score
- Not currently trending
We identified exploitation of CVE-2025-4632, a vulnerability impacting Samsung MagicINFO 9 servers resulting in the deployment of AnyDesk and XMRig by threat actors. Blog included below, shout out to @p3bt3b for his hard work! https://t.co/saM6uK4ScW #ThreatHunting #DFIR https:
@YungBinary
5 Jun 2025
313 Impressions
2 Retweets
9 Likes
1 Bookmark
1 Reply
0 Quotes
🚨 Samsung corrige une faille critique (CVE-2025-4632, CVSS 9.8) dans MagicINFO 9, exploitée pour déployer le botnet Mirai. ➡️ Vuln de type path traversal 🔧 Mettez à jour vers la v21.1052 sans tarder ! #cybersec #Mirai #Samsung 🔗 https://t.co/pmDVa4wrK8
@Guardia_School
2 Jun 2025
73 Impressions
0 Retweets
1 Like
0 Bookmarks
0 Replies
0 Quotes
CISA added CVE-2025-4632, a path traversal vulnerability in Samsung MagicINFO 9 Server, to its Known Exploited Vulnerabilities Catalog. This flaw allows attackers to write arbitrary files with system authority. #CyberSecurity #CISA #VulnerabilityManagement https://t.co/x0JFbvNApY
@MainNerve
31 May 2025
52 Impressions
0 Retweets
0 Likes
2 Bookmarks
0 Replies
0 Quotes
#threatreport #MediumCompleteness When Samsung's Magic Turns Tragic: A Tale of Unauthorized Mining | 30-05-2025 Source: https://t.co/MjstkeAafJ Key details below ↓ 💀Threats: Xmrig_miner, Anydesk_tool, Lolbin_technique, Disabling_antivirus_technique, 🔓CVEs: CVE-2025-4632
@rst_cloud
30 May 2025
118 Impressions
1 Retweet
0 Likes
0 Bookmarks
1 Reply
0 Quotes
eSentire recently released their Insights into #CVE-2025-4632 (Samsung MagicINFO 9 Server vulnerability) exploited for Cryptomining #XMR and RCE. Orgs should ensure they are patched and avoid unnecessary internet exposure. https://t.co/jfW4FXGNci
@p3bt3b
30 May 2025
341 Impressions
4 Retweets
6 Likes
0 Bookmarks
0 Replies
0 Quotes
In May 2025, attackers exploited CVE-2025-4632 in Samsung MagicINFO 9 Server, enabling remote code execution, deploying a cryptominer via XMRig, and gaining persistence with AnyDesk. Stay vigilant! ⚠️ #Samsung #Cryptominer #Australia https://t.co/k5noUyOd7p
@TweetThreatNews
30 May 2025
17 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
Ransomware su MathWorks, attacchi a Commvault e campagne mirate sul cloud Sicurezza Informatica, attacchi cloud, cisa, Commvault Metallic, CVE-2025-4632, ICS, MathWorks, Microsoft Hyper-V bug, payroll, PHISHING, Ransomware, SaaS, Samsung MagicINFO, seo https://t.co/wCLIo236V7 htt
@matricedigitale
27 May 2025
145 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
Latest Known Exploited Vulnerabilities (#KEV) : #CVE-2025-4632 #Samsung MagicINFO 9 Server Path Traversal Vulnerability https://t.co/X7vAnxPoa9
@ScyScan
23 May 2025
90 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
🚨 CVE Alert: Samsung MagicINFO 9 Server Path Traversal Vulnerability Exploited In The Wild🚨 Vulnerability Details: CVE-2025-4632 (CVSS 9.8/10) Samsung MagicINFO 9 Server Path Traversal Vulnerability Impact: A successful exploit may allows an attacker to write arbitrary fi
@CyberxtronTech
23 May 2025
55 Impressions
0 Retweets
1 Like
0 Bookmarks
0 Replies
0 Quotes
🛡️ We added Samsung MagicINFO 9 Server path traversal vulnerability CVE-2025-4632 to our Known Exploited Vulnerabilities Catalog. Visit https://t.co/myxOwap1Tf & apply mitigations to protect your org from cyberattacks. #Cybersecurity #InfoSec https://t.co/rPyBPezSZu
@CISACyber
22 May 2025
4611 Impressions
10 Retweets
17 Likes
1 Bookmark
1 Reply
0 Quotes
Actively exploited CVE : CVE-2025-4632
@transilienceai
19 May 2025
9 Impressions
0 Retweets
0 Likes
0 Bookmarks
1 Reply
0 Quotes
CVE-2025-4632 (CVSS:9.8, CRITICAL) is Awaiting Analysis. Improper limitation of a pathname to a restricted directory vulnerability in Samsung MagicINFO 9 Server version before 2..https://t.co/Aa07sbLDNP #cybersecurityawareness #cybersecurity #CVE #infosec #hacker #nvd #mitre
@cracbot
18 May 2025
3 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
Actively exploited CVE : CVE-2025-4632
@transilienceai
18 May 2025
7 Impressions
0 Retweets
0 Likes
0 Bookmarks
1 Reply
0 Quotes
Actively exploited CVE : CVE-2025-4632
@transilienceai
17 May 2025
5 Impressions
0 Retweets
0 Likes
0 Bookmarks
1 Reply
0 Quotes
Actively exploited CVE : CVE-2025-4632
@transilienceai
17 May 2025
11 Impressions
0 Retweets
0 Likes
0 Bookmarks
1 Reply
0 Quotes
Actively exploited CVE : CVE-2025-4632
@transilienceai
16 May 2025
6 Impressions
0 Retweets
0 Likes
0 Bookmarks
1 Reply
0 Quotes
csirt_it: ‼️ #Samsung: rilevato lo sfruttamento attivo in rete della vulnerabilità CVE-2025-4632 presente nella componente server di #MagicINFO9 Rischio: 🔴 Tipologia: 🔸 Arbitrary File Write 🔗 https://t.co/1B7QLgRQXs ⚠ Importante aggiornare i prod… https://t.
@Vulcanux_
16 May 2025
15 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
Actively exploited CVE : CVE-2025-4632
@transilienceai
16 May 2025
12 Impressions
0 Retweets
0 Likes
0 Bookmarks
1 Reply
0 Quotes
Samsung has released software updates to address a critical security flaw in MagicINFO 9 Server that has been actively exploited in the wild. The vulnerability, tracked as CVE-2025-4632 (CVSS score: 9.8). https://t.co/liNOhCDso0 https://t.co/CFNdaR7s8r
@riskigy
15 May 2025
0 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
⚠️ Samsung Fixes Critical MagicINFO Exploit Used in Botnet Attacks CVE-2025-4632 lets hackers write files as system user—already abused for Mirai botnet. Patch to v21.1052.0 now. https://t.co/4VB2CplFhV #Samsung #CyberSecurity #Infosec https://t.co/BTnhLp32K7
@dCypherIO
15 May 2025
29 Impressions
0 Retweets
1 Like
0 Bookmarks
1 Reply
0 Quotes
[주의] 삼성 CMS 서버(MagicINFO) 취약점(CVE-2025-4632) * path traversal 취약점(CVE-2025-4632) 개요 - 제한된 디렉토리 우회 후 시스템 권한으로 임의 파일 생성 가능 - 위험도(CVSS) : 9.8 - 영향을 받는 버전 : MagicINFO 9 (21.1052
@virusmyths
15 May 2025
25 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
🚨 Samsung Patches CVE-2025-4632 🔓 Vulnerability in MagicINFO 9 exploited to deliver Mirai Botnet 📡 Targets: Digital signage & remote management tools 🛠️ Remote Code Execution — widespread risk ✅ Patch now to block ongoing botnet activity #CyberSecurity #Sams
@SecurEpitome
15 May 2025
43 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
サムスン、MagicINFO 9の脆弱性を利用したMiraiボットネットの展開に使用されたCVE-2025-4632を修正 https://t.co/ez0PYvt62X #Security #セキュリティ #ニュース
@SecureShield_
15 May 2025
28 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
Samsung Patches CVE-2025-4632 Used to Deploy Mirai Botnet via MagicINFO 9 Exploit https://t.co/tbpSGXFHFk https://t.co/KJ5RiB3FkX
@TonyBeeTweets
14 May 2025
19 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
Samsung Patches CVE-2025-4632 Used to Deploy Mirai Botnet via MagicINFO 9 Exploit https://t.co/REvOMb5Ned
@Dinosn
14 May 2025
2847 Impressions
11 Retweets
46 Likes
11 Bookmarks
0 Replies
0 Quotes
Samsung patches CVE-2025-4632 used to deploy Mirai Botnet via MagicINFO 9 exploit https://t.co/ZfcWODURcY
@sabatage
14 May 2025
162 Impressions
0 Retweets
1 Like
0 Bookmarks
1 Reply
0 Quotes
📌 أصدرت سامسونج تحديثات برمجية لسد ثغرة أمنية خطيرة في خادم MagicINFO 9، تم استغلالها في هجمات. الثغرة CVE-2025-4632، والتي سجلت 9.8 على مؤشر CVSS، تُعرف كعيب في تخطي ال
@Cybercachear
14 May 2025
5 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
📍Samsung Patches CVE-2025-4632 Used to Deploy Mirai Botnet via MagicINFO 9 Exploit https://t.co/fEzkL1RIWZ
@cyberetweet
14 May 2025
23 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
🛑 Actively Exploited Samsung Flaw Hits Critical Alert! PoC dropped. Exploits followed fast. A 9.8 CVSS bug in Samsung’s MagicINFO 9 Server (CVE-2025-4632) is being used in the wild—even to deploy Mirai malware. Read → https://t.co/Wd53OAVf3f... https://t.co/jZjjwoCS4j
@IT_news_for_all
14 May 2025
49 Impressions
0 Retweets
1 Like
0 Bookmarks
0 Replies
0 Quotes
🛑 Actively Exploited Samsung Flaw Hits Critical Alert! PoC dropped. Exploits followed fast. A 9.8 CVSS bug in Samsung’s MagicINFO 9 Server (CVE-2025-4632) is being used in the wild—even to deploy Mirai malware. Read → https://t.co/aZWrqjBSiJ
@TheHackersNews
14 May 2025
10178 Impressions
32 Retweets
67 Likes
8 Bookmarks
1 Reply
2 Quotes
⚡️The vulnerability details are now available: https://t.co/mtaEexvGV3 🚨🚨CVE-2025-4632 (CVSS 9.8) hits Samsung's MagicINFO Server! Attackers can sneak in and write files as SYSTEM, possibly taking over the whole server with remote code execution. MagicINFO is the bra
@zoomeye_team
14 May 2025
341 Impressions
0 Retweets
1 Like
1 Bookmark
0 Replies
0 Quotes
Samsungのデジタルサイネージ管理ソフト「MagicINFO 9 Server」に、重大な脆弱性(CVE-2025-4632)が発見された。バージョン21.1052未満が対象で、認証なしに任意ファイルを書き込み、システム権限でコードを実行でき
@yousukezan
14 May 2025
693 Impressions
0 Retweets
3 Likes
0 Bookmarks
0 Replies
0 Quotes
[CVE-2025-4632: CRITICAL] Vulnerability in Samsung MagicINFO 9 Server allows attackers to write files with system authority due to improper directory restrictions. #cybersecurity#cve,CVE-2025-4632,#cybersecurity https://t.co/f7Q3GPvuA0 https://t.co/0TKk9JdxNd
@CveFindCom
13 May 2025
48 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
[
{
"nodes": [
{
"negate": false,
"cpeMatch": [
{
"criteria": "cpe:2.3:a:samsung:magicinfo_9_server:*:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "ADCE2BD5-315B-4F42-8BB9-A419B0C750A7",
"versionEndExcluding": "21.1052.0"
}
],
"operator": "OR"
}
]
}
]