CVE-2025-4632
Published May 13, 2025
Last updated 6 hours ago
AI description
CVE-2025-4632 is a path traversal vulnerability affecting Samsung MagicINFO 9 Server versions before 21.1052. The vulnerability stems from an improper limitation of a pathname to a restricted directory, which allows attackers to write arbitrary files with system authority. This can lead to remote code execution if specially crafted JavaServer Pages (JSP) files are uploaded. The vulnerability has been actively exploited in the wild and is considered a patch bypass for CVE-2024-7399, another path traversal flaw in the same product. Exploitation of CVE-2025-4632 has been linked to the deployment of the Mirai botnet in some instances. Samsung has released software updates to address this vulnerability.
- Description
- Improper limitation of a pathname to a restricted directory vulnerability in Samsung MagicINFO 9 Server version before 21.1052 allows attackers to write arbitrary file as system authority.
- Source
- PSIRT@samsung.com
- NVD status
- Awaiting Analysis
CVSS 3.1
- Type
- Secondary
- Base score
- 9.8
- Impact score
- 5.9
- Exploitability score
- 3.9
- Vector string
- CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
- Severity
- CRITICAL
Data from CISA
- Vulnerability name
- Samsung MagicINFO 9 Server Path Traversal Vulnerability
- Exploit added on
- May 22, 2025
- Exploit action due
- Jun 12, 2025
- Required action
- Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.
- PSIRT@samsung.com
- CWE-22
- Hype score
- Not currently trending
Actively exploited CVE : CVE-2025-4632
@transilienceai
19 May 2025
9 Impressions
0 Retweets
0 Likes
0 Bookmarks
1 Reply
0 Quotes
CVE-2025-4632 (CVSS:9.8, CRITICAL) is Awaiting Analysis. Improper limitation of a pathname to a restricted directory vulnerability in Samsung MagicINFO 9 Server version before 2..https://t.co/Aa07sbLDNP #cybersecurityawareness #cybersecurity #CVE #infosec #hacker #nvd #mitre
@cracbot
18 May 2025
3 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
Actively exploited CVE : CVE-2025-4632
@transilienceai
18 May 2025
7 Impressions
0 Retweets
0 Likes
0 Bookmarks
1 Reply
0 Quotes
Actively exploited CVE : CVE-2025-4632
@transilienceai
17 May 2025
5 Impressions
0 Retweets
0 Likes
0 Bookmarks
1 Reply
0 Quotes
Actively exploited CVE : CVE-2025-4632
@transilienceai
17 May 2025
11 Impressions
0 Retweets
0 Likes
0 Bookmarks
1 Reply
0 Quotes
Actively exploited CVE : CVE-2025-4632
@transilienceai
16 May 2025
6 Impressions
0 Retweets
0 Likes
0 Bookmarks
1 Reply
0 Quotes
csirt_it: ‼️ #Samsung: rilevato lo sfruttamento attivo in rete della vulnerabilità CVE-2025-4632 presente nella componente server di #MagicINFO9 Rischio: 🔴 Tipologia: 🔸 Arbitrary File Write 🔗 https://t.co/1B7QLgRQXs ⚠ Importante aggiornare i prod… https://t.
@Vulcanux_
16 May 2025
15 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
Actively exploited CVE : CVE-2025-4632
@transilienceai
16 May 2025
12 Impressions
0 Retweets
0 Likes
0 Bookmarks
1 Reply
0 Quotes
Samsung has released software updates to address a critical security flaw in MagicINFO 9 Server that has been actively exploited in the wild. The vulnerability, tracked as CVE-2025-4632 (CVSS score: 9.8). https://t.co/liNOhCDso0 https://t.co/CFNdaR7s8r
@riskigy
15 May 2025
0 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
⚠️ Samsung Fixes Critical MagicINFO Exploit Used in Botnet Attacks CVE-2025-4632 lets hackers write files as system user—already abused for Mirai botnet. Patch to v21.1052.0 now. https://t.co/4VB2CplFhV #Samsung #CyberSecurity #Infosec https://t.co/BTnhLp32K7
@dCypherIO
15 May 2025
29 Impressions
0 Retweets
1 Like
0 Bookmarks
1 Reply
0 Quotes
[주의] 삼성 CMS 서버(MagicINFO) 취약점(CVE-2025-4632) * path traversal 취약점(CVE-2025-4632) 개요 - 제한된 디렉토리 우회 후 시스템 권한으로 임의 파일 생성 가능 - 위험도(CVSS) : 9.8 - 영향을 받는 버전 : MagicINFO 9 (21.1052
@virusmyths
15 May 2025
25 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
🚨 Samsung Patches CVE-2025-4632 🔓 Vulnerability in MagicINFO 9 exploited to deliver Mirai Botnet 📡 Targets: Digital signage & remote management tools 🛠️ Remote Code Execution — widespread risk ✅ Patch now to block ongoing botnet activity #CyberSecurity #Sams
@SecurEpitome
15 May 2025
43 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
サムスン、MagicINFO 9の脆弱性を利用したMiraiボットネットの展開に使用されたCVE-2025-4632を修正 https://t.co/ez0PYvt62X #Security #セキュリティ #ニュース
@SecureShield_
15 May 2025
28 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
Samsung Patches CVE-2025-4632 Used to Deploy Mirai Botnet via MagicINFO 9 Exploit https://t.co/tbpSGXFHFk https://t.co/KJ5RiB3FkX
@TonyBeeTweets
14 May 2025
19 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
Samsung Patches CVE-2025-4632 Used to Deploy Mirai Botnet via MagicINFO 9 Exploit https://t.co/REvOMb5Ned
@Dinosn
14 May 2025
2847 Impressions
11 Retweets
46 Likes
11 Bookmarks
0 Replies
0 Quotes
Samsung patches CVE-2025-4632 used to deploy Mirai Botnet via MagicINFO 9 exploit https://t.co/ZfcWODURcY
@sabatage
14 May 2025
162 Impressions
0 Retweets
1 Like
0 Bookmarks
1 Reply
0 Quotes
📌 أصدرت سامسونج تحديثات برمجية لسد ثغرة أمنية خطيرة في خادم MagicINFO 9، تم استغلالها في هجمات. الثغرة CVE-2025-4632، والتي سجلت 9.8 على مؤشر CVSS، تُعرف كعيب في تخطي ال
@Cybercachear
14 May 2025
5 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
📍Samsung Patches CVE-2025-4632 Used to Deploy Mirai Botnet via MagicINFO 9 Exploit https://t.co/fEzkL1RIWZ
@cyberetweet
14 May 2025
23 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
🛑 Actively Exploited Samsung Flaw Hits Critical Alert! PoC dropped. Exploits followed fast. A 9.8 CVSS bug in Samsung’s MagicINFO 9 Server (CVE-2025-4632) is being used in the wild—even to deploy Mirai malware. Read → https://t.co/Wd53OAVf3f... https://t.co/jZjjwoCS4j
@IT_news_for_all
14 May 2025
49 Impressions
0 Retweets
1 Like
0 Bookmarks
0 Replies
0 Quotes
🛑 Actively Exploited Samsung Flaw Hits Critical Alert! PoC dropped. Exploits followed fast. A 9.8 CVSS bug in Samsung’s MagicINFO 9 Server (CVE-2025-4632) is being used in the wild—even to deploy Mirai malware. Read → https://t.co/aZWrqjBSiJ
@TheHackersNews
14 May 2025
10178 Impressions
32 Retweets
67 Likes
8 Bookmarks
1 Reply
2 Quotes
⚡️The vulnerability details are now available: https://t.co/mtaEexvGV3 🚨🚨CVE-2025-4632 (CVSS 9.8) hits Samsung's MagicINFO Server! Attackers can sneak in and write files as SYSTEM, possibly taking over the whole server with remote code execution. MagicINFO is the bra
@zoomeye_team
14 May 2025
341 Impressions
0 Retweets
1 Like
1 Bookmark
0 Replies
0 Quotes
Samsungのデジタルサイネージ管理ソフト「MagicINFO 9 Server」に、重大な脆弱性(CVE-2025-4632)が発見された。バージョン21.1052未満が対象で、認証なしに任意ファイルを書き込み、システム権限でコードを実行でき
@yousukezan
14 May 2025
693 Impressions
0 Retweets
3 Likes
0 Bookmarks
0 Replies
0 Quotes
[CVE-2025-4632: CRITICAL] Vulnerability in Samsung MagicINFO 9 Server allows attackers to write files with system authority due to improper directory restrictions. #cybersecurity#cve,CVE-2025-4632,#cybersecurity https://t.co/f7Q3GPvuA0 https://t.co/0TKk9JdxNd
@CveFindCom
13 May 2025
48 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes