Samsung has disclosed a critical security vulnerability (CVE-2025-4632) affecting its MagicINFO 9 Server platform, a widely deployed content management system used for digital signage across retail, transportation, healthcare, and corporate environments worldwide.
The flaw allows unauthenticated attackers to write arbitrary files with system-level privileges, potentially leading to complete system compromise.
Critical Path Traversal in Samsung MagicINFO 9
The vulnerability, formally cataloged as SVE-2025-50001 in Samsung’s security bulletin for May 2025, has received a CVSS score of 9.8, indicating maximum severity.
It affects all Samsung MagicINFO 9 Server installations prior to version 21.1052.
Security researchers describe the flaw as an “improper limitation of a pathname to a restricted directory” vulnerability.
The vulnerability stems from insufficient validation of file paths during write operations: a remote attacker can bypass directory restrictions and upload files outside the intended path, effectively planting malicious code anywhere on the file system, including sensitive system directories, with SYSTEM user privileges.
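The weakness the bulletin describes is a write endpoint that joins a client-supplied file name onto its upload directory without confirming that the result still lies inside that directory. The following Python is an added illustration, not code from Samsung or MagicINFO: it shows the insufficient check beside a hardened one that folds Windows and POSIX separators, rejects absolute and drive-letter paths, normalises the result and then requires it to be a strict descendant of the root. The root directory and file names are constructed examples.

```python
"""Path validation for a file-write endpoint: insufficient vs. hardened check.
Added example; the upload root and file names below are constructed."""
import posixpath
import re

# Drive-letter prefixes such as "C:" (the affected product runs on Windows);
# UNC paths "//host/share" are already caught by isabs() after separator folding.
_DRIVE_PREFIX = re.compile(r"^[A-Za-z]:")


class PathTraversalError(ValueError):
    """Raised when a client-supplied name would resolve outside the upload root."""


def weak_join(upload_root: str, requested_name: str) -> str:
    """The kind of validation the article calls insufficient: the name is
    joined onto the root and normalised, but nothing confirms the result is
    still inside the root, so '..' segments simply walk out of it."""
    return posixpath.normpath(posixpath.join(upload_root, requested_name))


def safe_join(upload_root: str, requested_name: str) -> str:
    """Return the normalised absolute path for requested_name under upload_root,
    or raise PathTraversalError. The caller must percent-decode the name exactly
    once before calling, so encoded dots are seen as real dots here."""
    if "\x00" in requested_name:
        raise PathTraversalError("null byte in file name")
    # Windows accepts both separators; fold them so '..\\' is treated as '../'.
    name = requested_name.replace("\\", "/")
    if posixpath.isabs(name) or _DRIVE_PREFIX.match(name):
        raise PathTraversalError("absolute path not allowed: %r" % requested_name)
    root = posixpath.normpath(upload_root)
    candidate = posixpath.normpath(posixpath.join(root, name))
    # The decisive check: after normalisation the result must be a strict
    # descendant of the root. The trailing '/' matters, because a plain
    # prefix test would accept '/srv/uploads_evil' for root '/srv/uploads'.
    if candidate == root or not candidate.startswith(root.rstrip("/") + "/"):
        raise PathTraversalError("path escapes upload root: %r" % requested_name)
    return candidate


def is_allowed(upload_root: str, requested_name: str) -> bool:
    """Boolean wrapper, convenient when auditing a batch of requested names."""
    try:
        safe_join(upload_root, requested_name)
        return True
    except PathTraversalError:
        return False


if __name__ == "__main__":
    root = "/srv/magicinfo/uploads"  # constructed example root
    for name in ["images/banner.png", "a/../b.png", "../../../tmp/escaped.txt",
                 "..\\..\\..\\tmp\\escaped.txt", "/tmp/escaped.txt", "C:/Temp/x.txt"]:
        print("%-32r weak=%-28s hardened=%s" % (
            name, weak_join(root, name), "allowed" if is_allowed(root, name) else "rejected"))
```

Note that the check is applied to the final, decoded name and after normalisation; validating the raw request string before the server decodes or normalises it is what lets encoded or mixed-separator variants slip through.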
This new vulnerability bears striking similarities to CVE-2024-7399, another critical path traversal vulnerability in the same product that was disclosed in August 2024.
Security firm Huntress reported earlier this month that despite Samsung’s claims of patching CVE-2024-7399 in version 21.1050, their tests confirmed that the version remained vulnerable to exploitation.
Arctic Wolf researchers observed active exploitation attempts against MagicINFO servers almost immediately after proof-of-concept code became available, suggesting malicious actors are closely monitoring vulnerabilities in these systems.
| Risk Factors | Details |
| --- | --- |
| Affected Products | Samsung MagicINFO 9 Server versions prior to 21.1052 |
| Impact | Arbitrary file write with SYSTEM privileges leading to remote code execution |
| Exploit Prerequisites | Remote access without authentication |
| CVSS 3.1 Score | 9.8 CRITICAL |
Mitigation
Samsung has released security update SVP-MAY-2025 to address this vulnerability. According to Samsung’s bulletin, “The patch modifies verification logic of the input”. Organizations using MagicINFO 9 Server should immediately update to version 21.1052 or later.
Samsung’s SmartTV software update policy guarantees support for at least three years from product launch, with additional support for critical security patches where possible.
Users can check for updates from the device menu by navigating to [Settings] → [Support] → [Software Update].
The MagicINFO platform is Samsung’s flagship content management solution for digital signage, offering comprehensive device and content management capabilities.
The system is designed to control display content, access hardware settings, and troubleshoot issues remotely.
Due to MagicINFO’s architecture, which typically operates with elevated system privileges to manage display configurations across enterprises, the vulnerability poses significant risks to corporate networks.
Attackers exploiting this flaw could potentially implant persistence mechanisms, manipulate firmware, or disrupt entire digital signage networks.
Security professionals recommend organizations not only apply the patch but also verify their Auto-Update settings and audit their systems for any signs of compromise.
Organizations unable to immediately update should consider isolating MagicINFO systems from public networks until patches can be applied.
The post Samsung MagicINFO 9 Server Vulnerability Let Attackers Write Arbitrary File appeared first on Cyber Security News.