Samsung MagicINFO CVE-2025-4632 Critical Vulnerability Active Exploitation
Summary
Active exploitation of the Samsung MagicINFO 9 Server vulnerability CVE-2025-4632 (CVSS v3 9.8) has been detected by the Italian CSIRT. The vulnerability, described as path traversal and potentially a patch bypass for CVE-2024-7399, allows arbitrary file write on target systems and has in some cases been used to distribute the Mirai botnet. A proof of concept is publicly available. Affected versions are MagicINFO 9 Server prior to version 21.1052. The vendor has released a patch.
“Where not already done, it is recommended to update vulnerable products to the latest available version.”
Organizations operating Samsung MagicINFO 9 Server should treat this as a critical-priority patching event given the combination of a critical 9.8 CVSS score, confirmed active exploitation, and public availability of a working proof of concept. The connection to Mirai botnet distribution indicates the vulnerability is being used for infrastructure compromise, not just data exfiltration. Security teams should inventory MagicINFO instances, confirm that version 21.1052 or later is deployed, and restrict network exposure of the management interface as a compensating control while patching progresses.
What changed
The Italian national CSIRT (CSIRT-ITA) has issued an alert confirming active in-the-wild exploitation of CVE-2025-4632, a critical path traversal vulnerability (CVSS v3 score: 9.8) affecting Samsung MagicINFO 9 Server. Security researchers indicate this vulnerability may be a patch bypass for CVE-2024-7399 (patched August 2024) and that it has been used to distribute Mirai botnet malware. Samsung has already released a patch; however, active exploitation continues.
Organizations running MagicINFO 9 Server must immediately identify whether their installations are running versions prior to 21.1052 and apply the latest security update from Samsung without delay. Given the public PoC and confirmed exploitation for botnet deployment, this is not a theoretical risk. Network-level mitigations such as restricting access to the MagicINFO management interface should be considered as interim measures until patching is confirmed.
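As an added illustration of the bug class named above (hypothetical code, not Samsung's and not the MagicINFO fix): an upload handler that derives the destination from a user-supplied file name, first in the naive form that lets a traversal name escape the upload directory, then hardened by canonicalising the final path and comparing it with the base directory instead of filtering `../` sequences, the kind of string-level fix that later patch bypasses tend to defeat. The base directory used below is a constructed placeholder.

```python
import os

# Constructed illustration of path traversal leading to arbitrary file write.
# Hypothetical code: it does not reproduce MagicINFO's handler or its patch.


def naive_upload_path(base_dir, requested_name):
    """Vulnerable 'before': trusts the client-supplied name completely.

    normpath collapses the '..' components, so '../../etc/x' silently
    resolves to a location outside base_dir and is then written there.
    """
    return os.path.normpath(os.path.join(base_dir, requested_name))


def resolve_upload_path(base_dir, requested_name):
    """Hardened: return the absolute destination, or raise ValueError.

    The decision is made on the canonicalised final path, not on the
    presence of '../' in the input, so encoding tricks and repeated
    separators cannot produce a path that the check never sees.
    """
    if not requested_name:
        raise ValueError("empty file name")
    # os.path.join discards base_dir when the name is absolute, so reject
    # absolute names explicitly instead of relying on the prefix test alone.
    if os.path.isabs(requested_name):
        raise ValueError("absolute path not allowed")
    base = os.path.realpath(base_dir)
    candidate = os.path.realpath(os.path.join(base, requested_name))
    # commonpath, not str.startswith: '/srv/uploads2' must not pass for
    # a base of '/srv/uploads'.
    if os.path.commonpath([base, candidate]) != base:
        raise ValueError("path escapes upload directory")
    return candidate


def is_safe_name(base_dir, requested_name):
    """Boolean wrapper for inventory scripts and tests."""
    try:
        resolve_upload_path(base_dir, requested_name)
        return True
    except ValueError:
        return False


if __name__ == "__main__":
    BASE = "/srv/magicinfo/uploads"  # constructed placeholder directory
    print(naive_upload_path(BASE, "../../etc/crontab"))   # escapes base
    print(resolve_upload_path(BASE, "content/image.png"))  # stays inside
```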
What to do next
- Update vulnerable products to the latest version available
Archived snapshot
Apr 27, 2026: GovPing captured this document from the original source. If the source has since changed or been removed, this is the text as it existed at that time.
Samsung: in-the-wild exploitation detected of CVE-2025-4632 affecting MagicINFO
**Alert** AL01/250516/CSIRT-ITA
Summary
Active in-the-wild exploitation has been detected of vulnerability CVE-2025-4632, already fixed by the vendor, which affects the server component of Samsung MagicINFO 9, an all-in-one solution for managing content, data and devices.
Note: a proof of concept (PoC) for exploiting the vulnerability is available online.
Type
- Arbitrary File Write
Description and potential impacts
Exploitation has recently been detected of vulnerability CVE-2025-4632, already fixed by the vendor, which affects the server component of Samsung MagicINFO 9, an all-in-one solution for managing content, data and devices.
This vulnerability, of the “Path Traversal” type and with a CVSS v3 score of 9.8, is reported by some security researchers to be a “patch bypass” for CVE-2024-7399, for which a patch had been released in August 2024, and, if exploited, could allow a malicious user to write arbitrary files on target systems.
Security researchers also state that, in some cases, CVE-2025-4632 has been used to distribute the Mirai botnet.
Further details are available at the analysis link given in the References section.
Affected products and versions
- MagicINFO 9 Server, versions prior to 21.1052
Mitigation actions
Where not already done, it is recommended to update vulnerable products to the latest available version.
CVE (2)
| CVE | PoC | Exploitation |
| --- | --- | --- |
| CVE-2025-4632 | Present | Present |
| CVE-2024-7399 | Present | Present |
References (2)
- https://security.samsungtv.com/securityUpdates#SVP-MAY-2025
- https://www.huntress.com/blog/rapid-response-samsung-magicinfo9-server-flaw
Change log
| Version | Notes | Date |
|---|---|---|
| 1.0 | Published on 16-05-2025 | 16/05/2025 |
| 1.1 | Updated the "CVE" section following detected exploitation of CVE-2024-7399 | 27/04/2026 |
Systemic impact
Critical (79.23)
Publication date
16/05/25 at 09:16
Last update
27/04/26 at 10:26
About this page
Source document text, dates, docket IDs, and authority are extracted directly from CSIRT-ITA.
The summary, classification, recommended actions, deadlines, and penalty information are AI-generated from the original text and may contain errors. Always verify against the source document.