CVE-2025-4632

Published May 13, 2025

Last updated 6 months ago

Overview

AI description

Automated description summarized from trusted sources.

CVE-2025-4632 is a path traversal vulnerability affecting Samsung MagicINFO 9 Server versions before 21.1052. The vulnerability stems from an improper limitation of a pathname to a restricted directory, which allows attackers to write arbitrary files with system authority. This can lead to remote code execution if specially crafted JavaServer Pages (JSP) files are uploaded. The vulnerability has been actively exploited in the wild and is considered a patch bypass for CVE-2024-7399, another path traversal flaw in the same product. Exploitation of CVE-2025-4632 has been linked to the deployment of the Mirai botnet in some instances. Samsung has released software updates to address this vulnerability.

Description: Improper limitation of a pathname to a restricted directory vulnerability in Samsung MagicINFO 9 Server version before 21.1052 allows attackers to write arbitrary file as system authority.
Source: PSIRT@samsung.com
NVD status: Analyzed
Products: magicinfo_9_server

Risk scores

CVSS 3.1

Type: Primary
Base score: 9.8
Impact score: 5.9
Exploitability score: 3.9
Vector string: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Severity: CRITICAL

Known exploits

Data from CISA

Vulnerability name: Samsung MagicINFO 9 Server Path Traversal Vulnerability
Exploit added on: May 22, 2025
Exploit action due: Jun 12, 2025
Required action: Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.

Weaknesses

PSIRT@samsung.com: CWE-22
nvd@nist.gov: CWE-22

Social media

Hype score: Not currently trending

  1. 🔴 #Samsung MagicINFO 9 Server, Path Traversal, #CVE-2025-4632 (Critical) https://t.co/Jra9SuZ4ck

    @dailycve

    24 Apr 2026

  2. ‼️🇪🇸 A dataset of https://t.co/dKo9oTxSZ6, a Spanish footwear brand based in Arnedo (La Rioja) known for handmade leather shoes since 1962, has allegedly been leaked on a popular cybercrime forum. ▪️ Records: ~135,000 lines ▪️ Exploit Used: CVE-2025-4632 (MSSQL

    @DarkWebInformer

    29 Mar 2026

  3. Nowhere to turn. Current status: Apol: a botched piece of crap, very expensive, supposedly gives you status, they spy on you right down to your butt. Gugle: spies on you right down to your butt and wants to be like Apol. Sansun: supposedly very cool but it has all its users with their asses hanging out with CVE-2025-4632. Motoronch

    @CapibaraGDL

    21 Sept 2025

  4. Samsung Patches CVE-2025-4632 Used to Deploy Mirai Botnet via MagicINFO 9 Exploit #CISO https://t.co/m0sw4Js4RD https://t.co/Aje3mP3Hgx

    @compuchris

    24 Jul 2025

  5. CVE-2025-4632: Improper limitation of a pathname to a restricted directory vulnerability in Samsung MagicINFO 9 Server version before 21.1052 allows attackers to write arbitrary file as system authority.

    @ZeroDayFacts

    9 Jul 2025

  6. Check out the latest research from eSentire's TRU Team, including CVE-2025-4632 exploitation and a deep dive on DeerStealer malware 🦌 https://t.co/gMqCC7AEn2 https://t.co/2tAz7vF5XL

    @esthreat

    17 Jun 2025

  7. 🔴 #Samsung MagicINFO 9 Server, Path Traversal, #CVE-2025-4632 (Critical) https://t.co/E6J9pwBshv

    @dailycve

    16 Jun 2025

  8. Samsung Patches CVE-2025-4632 Used to Deploy Mirai Botnet via MagicINFO 9 Exploit Samsung has released software updates to address a critical security flaw in MagicINFO 9 Server that has been actively exploited in the wild. The vulnerability, tracked a... https://t.co/Mx6j1es7fa

    @SecurityAid

    15 Jun 2025

  9. We identified exploitation of CVE-2025-4632, a vulnerability impacting Samsung MagicINFO 9 servers resulting in the deployment of AnyDesk and XMRig by threat actors. Blog included below, shout out to @p3bt3b for his hard work! https://t.co/saM6uK4ScW #ThreatHunting #DFIR https:

    @YungBinary

    5 Jun 2025

  10. 🚨 Samsung fixes a critical flaw (CVE-2025-4632, CVSS 9.8) in MagicINFO 9, exploited to deploy the Mirai botnet. ➡️ Path traversal type vuln 🔧 Update to v21.1052 without delay! #cybersec #Mirai #Samsung 🔗 https://t.co/pmDVa4wrK8

    @Guardia_School

    2 Jun 2025

  11. CISA added CVE-2025-4632, a path traversal vulnerability in Samsung MagicINFO 9 Server, to its Known Exploited Vulnerabilities Catalog. This flaw allows attackers to write arbitrary files with system authority. #CyberSecurity #CISA #VulnerabilityManagement https://t.co/x0JFbvNApY

    @MainNerve

    31 May 2025

  12. #threatreport #MediumCompleteness When Samsung's Magic Turns Tragic: A Tale of Unauthorized Mining | 30-05-2025 Source: https://t.co/MjstkeAafJ Key details below ↓ 💀Threats: Xmrig_miner, Anydesk_tool, Lolbin_technique, Disabling_antivirus_technique, 🔓CVEs: CVE-2025-4632

    @rst_cloud

    30 May 2025

  13. eSentire recently released their Insights into #CVE-2025-4632 (Samsung MagicINFO 9 Server vulnerability) exploited for Cryptomining #XMR and RCE. Orgs should ensure they are patched and avoid unnecessary internet exposure. https://t.co/jfW4FXGNci

    @p3bt3b

    30 May 2025

  14. In May 2025, attackers exploited CVE-2025-4632 in Samsung MagicINFO 9 Server, enabling remote code execution, deploying a cryptominer via XMRig, and gaining persistence with AnyDesk. Stay vigilant! ⚠️ #Samsung #Cryptominer #Australia https://t.co/k5noUyOd7p

    @TweetThreatNews

    30 May 2025

  15. Ransomware at MathWorks, attacks on Commvault and targeted cloud campaigns Information Security, cloud attacks, cisa, Commvault Metallic, CVE-2025-4632, ICS, MathWorks, Microsoft Hyper-V bug, payroll, PHISHING, Ransomware, SaaS, Samsung MagicINFO, seo https://t.co/wCLIo236V7 htt

    @matricedigitale

    27 May 2025

  16. Latest Known Exploited Vulnerabilities (#KEV) : #CVE-2025-4632 #Samsung MagicINFO 9 Server Path Traversal Vulnerability https://t.co/X7vAnxPoa9

    @ScyScan

    23 May 2025

  17. 🚨 CVE Alert: Samsung MagicINFO 9 Server Path Traversal Vulnerability Exploited In The Wild🚨 Vulnerability Details: CVE-2025-4632 (CVSS 9.8/10) Samsung MagicINFO 9 Server Path Traversal Vulnerability Impact: A successful exploit may allow an attacker to write arbitrary fi

    @CyberxtronTech

    23 May 2025

  18. 🛡️ We added Samsung MagicINFO 9 Server path traversal vulnerability CVE-2025-4632 to our Known Exploited Vulnerabilities Catalog. Visit https://t.co/myxOwap1Tf & apply mitigations to protect your org from cyberattacks. #Cybersecurity #InfoSec https://t.co/rPyBPezSZu

    @CISACyber

    22 May 2025

  19. Actively exploited CVE : CVE-2025-4632

    @transilienceai

    19 May 2025

  20. CVE-2025-4632 (CVSS:9.8, CRITICAL) is Awaiting Analysis. Improper limitation of a pathname to a restricted directory vulnerability in Samsung MagicINFO 9 Server version before 2..https://t.co/Aa07sbLDNP #cybersecurityawareness #cybersecurity #CVE #infosec #hacker #nvd #mitre

    @cracbot

    18 May 2025

  21. Actively exploited CVE : CVE-2025-4632

    @transilienceai

    18 May 2025

  22. Actively exploited CVE : CVE-2025-4632

    @transilienceai

    17 May 2025

  23. Actively exploited CVE : CVE-2025-4632

    @transilienceai

    17 May 2025

  24. Actively exploited CVE : CVE-2025-4632

    @transilienceai

    16 May 2025

  25. csirt_it: ‼️ #Samsung: active exploitation in the wild detected of vulnerability CVE-2025-4632 in the server component of #MagicINFO9 Risk: 🔴 Type: 🔸 Arbitrary File Write 🔗 https://t.co/1B7QLgRQXs ⚠ Important to update the prod… https://t.

    @Vulcanux_

    16 May 2025

  26. Actively exploited CVE : CVE-2025-4632

    @transilienceai

    16 May 2025

  27. Samsung has released software updates to address a critical security flaw in MagicINFO 9 Server that has been actively exploited in the wild. The vulnerability, tracked as CVE-2025-4632 (CVSS score: 9.8). https://t.co/liNOhCDso0 https://t.co/CFNdaR7s8r

    @riskigy

    15 May 2025

  28. ⚠️ Samsung Fixes Critical MagicINFO Exploit Used in Botnet Attacks CVE-2025-4632 lets hackers write files as system user—already abused for Mirai botnet. Patch to v21.1052.0 now. https://t.co/4VB2CplFhV #Samsung #CyberSecurity #Infosec https://t.co/BTnhLp32K7

    @dCypherIO

    15 May 2025

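  29. [Caution] Samsung CMS server (MagicINFO) vulnerability (CVE-2025-4632) * Path traversal vulnerability (CVE-2025-4632) overview - Arbitrary files can be created with system privileges after bypassing the restricted directory - Risk level (CVSS): 9.8 - Affected versions: MagicINFO 9 (21.1052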

    @virusmyths

    15 May 2025

  30. 🚨 Samsung Patches CVE-2025-4632 🔓 Vulnerability in MagicINFO 9 exploited to deliver Mirai Botnet 📡 Targets: Digital signage & remote management tools 🛠️ Remote Code Execution — widespread risk ✅ Patch now to block ongoing botnet activity #CyberSecurity #Sams

    @SecurEpitome

    15 May 2025

  31. Samsung fixes CVE-2025-4632, used to deploy the Mirai botnet by exploiting a MagicINFO 9 vulnerability https://t.co/ez0PYvt62X #Security #セキュリティ #ニュース

    @SecureShield_

    15 May 2025

  32. Samsung Patches CVE-2025-4632 Used to Deploy Mirai Botnet via MagicINFO 9 Exploit https://t.co/tbpSGXFHFk https://t.co/KJ5RiB3FkX

    @TonyBeeTweets

    14 May 2025

  33. Samsung Patches CVE-2025-4632 Used to Deploy Mirai Botnet via MagicINFO 9 Exploit https://t.co/REvOMb5Ned

    @Dinosn

    14 May 2025

  34. Samsung patches CVE-2025-4632 used to deploy Mirai Botnet via MagicINFO 9 exploit https://t.co/ZfcWODURcY

    @sabatage

    14 May 2025

  35. 📌 Samsung has released software updates to close a critical security vulnerability in MagicINFO 9 Server that has been exploited in attacks. The vulnerability CVE-2025-4632, which scored 9.8 on the CVSS scale, is known as a flaw in bypassing the

    @Cybercachear

    14 May 2025

  36. 📍Samsung Patches CVE-2025-4632 Used to Deploy Mirai Botnet via MagicINFO 9 Exploit https://t.co/fEzkL1RIWZ

    @cyberetweet

    14 May 2025

  37. 🛑 Actively Exploited Samsung Flaw Hits Critical Alert! PoC dropped. Exploits followed fast. A 9.8 CVSS bug in Samsung’s MagicINFO 9 Server (CVE-2025-4632) is being used in the wild—even to deploy Mirai malware. Read → https://t.co/Wd53OAVf3f... https://t.co/jZjjwoCS4j

    @IT_news_for_all

    14 May 2025

  38. 🛑 Actively Exploited Samsung Flaw Hits Critical Alert! PoC dropped. Exploits followed fast. A 9.8 CVSS bug in Samsung’s MagicINFO 9 Server (CVE-2025-4632) is being used in the wild—even to deploy Mirai malware. Read → https://t.co/aZWrqjBSiJ

    @TheHackersNews

    14 May 2025

  39. ⚡️The vulnerability details are now available: https://t.co/mtaEexvGV3 🚨🚨CVE-2025-4632 (CVSS 9.8) hits Samsung's MagicINFO Server! Attackers can sneak in and write files as SYSTEM, possibly taking over the whole server with remote code execution. MagicINFO is the bra

    @zoomeye_team

    14 May 2025

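  40. A critical vulnerability (CVE-2025-4632) has been discovered in Samsung's digital signage management software "MagicINFO 9 Server". Versions before 21.1052 are affected; without authentication, arbitrary files can be written and code can be run with system privileges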

    @yousukezan

    14 May 2025

  41. [CVE-2025-4632: CRITICAL] Vulnerability in Samsung MagicINFO 9 Server allows attackers to write files with system authority due to improper directory restrictions. #cybersecurity#cve,CVE-2025-4632,#cybersecurity https://t.co/f7Q3GPvuA0 https://t.co/0TKk9JdxNd

    @CveFindCom

    13 May 2025

Configurations