Samsung Patches CVE-2025-4632 Used to Deploy Mirai Botnet via MagicINFO 9 Exploit

Samsung Patches CVE-2025-4632 Used to Deploy Mirai Botnet via MagicINFO 9 Exploit

Posted on By CWS

Could 14, 2025Ravie LakshmananVulnerability / Malware
Samsung has launched software program updates to handle a essential safety flaw in MagicINFO 9 Server that has been actively exploited within the wild.
The vulnerability, tracked as CVE-2025-4632 (CVSS rating: 9.8), has been described as a path traversal flaw.
“Improper limitation of a pathname to a restricted listing vulnerability in Samsung MagicINFO 9 Server model earlier than 21.1052 permits attackers to write down arbitrary recordsdata as system authority,” based on an advisory for the flaw.

It is price noting that CVE-2025-4632 is a patch bypass for CVE-2024-7399, one other path traversal flaw in the identical product that was patched by Samsung in August 2024.
CVE-2025-4632 has since been exploited within the wild shortly after the discharge of a proof-of-concept (PoC) by SSD Disclosure on April 30, 2025, in some situations to even deploy the Mirai botnet.
Whereas it was initially assumed that the assaults have been concentrating on CVE-2024-7399, cybersecurity firm Huntress first revealed the existence of an unpatched vulnerability final week after discovering indicators of exploitation even on MagicINFO 9 Server situations working the most recent model (21.1050).
In a follow-up report revealed on Could 9, Huntress revealed that three separate incidents that concerned the exploitation of CVE-2025-4632, with unidentified actors working an an identical set of instructions to obtain further payloads like “srvany.exe” and “companies.exe” on two hosts and executing reconnaissance instructions on the third.
Customers of the Samsung MagicINFO 9 Server are really helpful to use the most recent fixes as quickly as doable to safeguard in opposition to potential threats.

“We’ve verified that MagicINFO 9 21.1052.0 does mitigate the unique concern raised in CVE-2025-4632,” Jamie Levy, director of adversary ways at Huntress, informed The Hacker Information.
“Any machine that has variations v8 – v9 21.1050.0 will nonetheless be affected by this vulnerability. We have additionally found that upgrading from MagicINFO v8 to v9 21.1052.0 just isn’t as easy since you need to first improve to 21.1050.0 earlier than making use of the ultimate patch.”

Discovered this text fascinating? Observe us on Twitter  and LinkedIn to learn extra unique content material we put up.

The Hacker News Tags:, , , , , , ,

Related Posts

Critical Wing FTP Server Vulnerability (CVE-2025-47812) Actively Being Exploited in the Wild Critical Wing FTP Server Vulnerability (CVE-2025-47812) Actively Being Exploited in the Wild The Hacker News
Iranian Hackers Exploit 100+ Embassy Email Accounts in Global Phishing Targeting Diplomats Iranian Hackers Exploit 100+ Embassy Email Accounts in Global Phishing Targeting Diplomats The Hacker News
SloppyLemming Uses New Malware Chains on South Asian Governments SloppyLemming Uses New Malware Chains on South Asian Governments The Hacker News
Identity Security Has an Automation Problem—And It’s Bigger Than You Think Identity Security Has an Automation Problem—And It’s Bigger Than You Think The Hacker News
300 Servers and €3.5M Seized as Europol Strikes Ransomware Networks Worldwide 300 Servers and €3.5M Seized as Europol Strikes Ransomware Networks Worldwide The Hacker News
Kimwolf Android Botnet Infects Over 2 Million Devices via Exposed ADB and Proxy Networks Kimwolf Android Botnet Infects Over 2 Million Devices via Exposed ADB and Proxy Networks The Hacker News