Samsung has released security updates for MagicINFO 9 Server to fix a critical and actively exploited vulnerability, CVE-2025-4632. This flaw involves a path traversal issue that allows attackers to write arbitrary files with system privileges, potentially leading to severe system compromise.
Affected: Samsung MagicINFO 9 Server.
Key points
- The vulnerability CVE-2025-4632 is a critical path traversal flaw with a CVSS score of 9.8.
- It allows attackers to write arbitrary files with system authority due to improper pathname restrictions.
- The flaw is a patch bypass for CVE-2024-7399, an earlier vulnerability that had already been fixed.
- Cybercriminals have exploited this vulnerability in the wild, even on the latest versions, to deploy threats such as the Mirai botnet.
- Users are advised to update to Samsung MagicINFO 9 version 21.1052.0 to mitigate the risk.
Read More: https://thehackernews.com/2025/05/samsung-patches-cve-2025-4632-used-to.html