Samsung has disclosed a critical security vulnerability (CVE-2025-4632) affecting its MagicINFO 9 Server platform, a widely deployed content management system used for digital signage across retail, transportation, healthcare, and corporate environments worldwide.
The flaw allows unauthenticated attackers to write arbitrary files with system-level privileges, potentially leading to complete system compromise.
Critical Path Traversal in Samsung MagicINFO 9
The vulnerability, formally cataloged as SVE-2025-50001 in Samsung's security bulletin for May 2025, has received a CVSS score of 9.8, indicating maximum severity.
It affects all Samsung MagicINFO 9 Server installations prior to version 21.1052.
Security researchers describe the flaw as an "improper limitation of a pathname to a restricted directory" vulnerability.
It stems from insufficient validation of file paths during write operations. A remote attacker can bypass directory restrictions and upload files outside the intended path, planting malicious code anywhere on the file system with SYSTEM user privileges, including in sensitive system directories.
This new vulnerability bears striking similarities to CVE-2024-7399, another critical path traversal vulnerability in the same product that was disclosed in August 2024.
Security firm Huntress reported earlier this month that, despite Samsung's claims of having patched CVE-2024-7399 in version 21.1050, its tests showed that the version remained vulnerable to exploitation.
Arctic Wolf researchers observed active exploitation attempts against MagicINFO servers almost immediately after proof-of-concept code became available, suggesting that malicious actors are closely monitoring vulnerabilities in these systems.
Risk Factors and Details
Affected Products: Samsung MagicINFO 9 Server versions prior to 21.1052
Impact: Arbitrary file write with SYSTEM privileges leading to remote code execution
Exploit Prerequisites: Remote access without authentication
CVSS 3.1 Score: 9.8 CRITICAL
Mitigation
Samsung has released security update SVP-MAY-2025 to address this vulnerability. According to Samsung's bulletin, "The patch modifies verification logic of the input". Organizations using MagicINFO 9 Server should immediately update to version 21.1052 or later.
Samsung's SmartTV software update policy ensures support for at least three years from product launch, with additional support for critical security patches where possible.
Users can check for updates from the device menu by navigating to [Settings] → [Support] → [Software Update].
The MagicINFO platform is Samsung's flagship content management solution for digital signage, offering comprehensive device and content management capabilities.
The system is designed to control display content, access hardware settings, and troubleshoot issues remotely.
Because MagicINFO's architecture typically operates with elevated system privileges to manage display configurations across enterprises, the vulnerability poses significant risks to corporate networks.
Attackers exploiting this flaw could potentially implant persistence mechanisms, manipulate firmware, or disrupt entire digital signage networks.
Security professionals recommend that organizations not only apply the patch but also verify their Auto-Update settings and audit their systems for any signs of compromise.
Organizations unable to update immediately should consider isolating MagicINFO systems from public networks until patches can be applied.
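The following Python is an added example, not code from this article or from Samsung's product, illustrating the two defensive points the text raises: the "improper limitation of a pathname to a restricted directory" weakness, shown as a naive join beside a hardened path-resolution check, and the recommended audit for signs of compromise, shown as a scan of access-log lines for traversal sequences (including percent-encoded and double-encoded forms). The upload directory, the /upload endpoint and the log lines are constructed assumptions and do not describe MagicINFO's real layout.

```python
import os
import re
from urllib.parse import unquote

# Assumed upload root for the example; not MagicINFO's real directory layout.
UPLOAD_ROOT = "/var/app/uploads"


def fully_unquote(value: str, max_rounds: int = 3) -> str:
    """Percent-decode repeatedly so double-encoded sequences (%252e) are also seen."""
    for _ in range(max_rounds):
        decoded = unquote(value)
        if decoded == value:
            break
        value = decoded
    return value


def naive_upload_path(root: str, name: str) -> str:
    """The pattern behind this bug class: trust the client-supplied name as-is."""
    return os.path.join(root, name)  # an absolute `name` silently discards `root`


def resolve_upload_path(root: str, name: str) -> str:
    """Return the absolute destination for `name` inside `root`, or raise ValueError."""
    root = os.path.abspath(root)
    name = fully_unquote(name)
    if "\x00" in name or "\\" in name:
        raise ValueError("illegal character in file name")
    if name.startswith("/"):
        raise ValueError("absolute path not allowed")
    candidate = os.path.normpath(os.path.join(root, name))
    # Compare by path component: a plain startswith() check would wrongly accept
    # "/var/app/uploads2/x" as being inside "/var/app/uploads".
    if os.path.commonpath([root, candidate]) != root:
        raise ValueError(f"path traversal rejected: {name!r}")
    return candidate


# Constructed access-log lines in Common Log Format (not real MagicINFO logs).
SAMPLE_LOG = [
    '10.0.0.5 - - [12/May/2025:10:01:02 +0000] "POST /upload?name=logo.png HTTP/1.1" 200 512',
    '10.0.0.9 - - [12/May/2025:10:01:07 +0000] "POST /upload?name=..%2F..%2Fnotes.txt HTTP/1.1" 200 0',
    '10.0.0.9 - - [12/May/2025:10:01:09 +0000] "POST /upload?name=%252e%252e%2Fstartup.txt HTTP/1.1" 500 0',
    '10.0.0.7 - - [12/May/2025:10:02:00 +0000] "GET /status HTTP/1.1" 200 77',
]

LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "(?P<method>\S+) (?P<uri>\S+) [^"]*" (?P<status>\d{3})'
)
# A ".." segment followed by a slash, backslash or end of string, after decoding.
TRAVERSAL_RE = re.compile(r"\.\.(?:[/\\]|$)")


def find_traversal_requests(lines):
    """Return (ip, raw_uri, status) for requests whose decoded URI contains a '..' segment."""
    hits = []
    for line in lines:
        m = LOG_RE.match(line)
        if not m:
            continue  # skip lines that are not in the expected log format
        if TRAVERSAL_RE.search(fully_unquote(m["uri"])):
            hits.append((m["ip"], m["uri"], int(m["status"])))
    return hits


if __name__ == "__main__":
    print(resolve_upload_path(UPLOAD_ROOT, "images/banner.jpg"))
    for ip, uri, status in find_traversal_requests(SAMPLE_LOG):
        print(f"traversal attempt from {ip}: {uri} (status {status})")
```

Two details matter in practice: decoding must happen before the check, otherwise an encoded "%2e%2e" passes a literal ".." filter and is decoded later by the file layer; and the containment test must work on path components, since a substring comparison against the root accepts sibling directories that merely share a prefix. A 200 status on a flagged request is the line worth investigating first, because it suggests the write was accepted.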