Scan free
CRITICALCVE-2025-54438CVSS 9.8

CVE-2025-54438: Path Traversal in Samsung MagicINFO 9 Server

Platform

other

Component

magicinfo-9-server

Fixed in

21.1080.1

AI Confidence: highNVDEPSS 0.1%Reviewed: May 2026
View on NVD
Save

CVE-2025-54438 describes a critical Path Traversal vulnerability affecting Samsung MagicINFO 9 Server. This flaw allows attackers to upload a web shell, granting them unauthorized access and control over the server. The vulnerability impacts versions of MagicINFO 9 Server prior to 21.1080.0, and a patch is expected to be released by Samsung.

Impact and Attack Scenarios

The primary impact of CVE-2025-54438 is the ability for an attacker to upload a web shell to the MagicINFO 9 Server. Once a web shell is successfully uploaded, the attacker can execute arbitrary code on the server with the privileges of the MagicINFO 9 Server process. This could lead to complete system compromise, including data exfiltration, modification, or deletion. The attacker could also leverage the compromised server as a pivot point to move laterally within the network, targeting other systems connected to the same network as the MagicINFO 9 Server. The potential blast radius is significant, particularly in environments where the MagicINFO 9 Server has access to sensitive data or critical infrastructure.

Exploitation Context

CVE-2025-54438 was publicly disclosed on 2025-07-23. The CVSS score of 9.8 (CRITICAL) indicates a high probability of exploitation. While no public proof-of-concept (PoC) code is currently available, the Path Traversal nature of the vulnerability makes it likely that PoCs will emerge. It is not currently listed on CISA KEV, but given the severity, it may be added in the future. Active campaigns targeting MagicINFO 9 Server are not currently known.

Threat Intelligence

Exploit Status

Proof of ConceptUnknown
CISA KEVNO
Internet ExposureHigh

EPSS

0.12% (31% percentile)

CISA SSVC

Exploitationnone
Automatableyes
Technical Impacttotal

CVSS Vector

THREAT INTELLIGENCE· CVSS 3.1CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H9.8CRITICALAttack VectorNetworkHow the attacker reaches the targetAttack ComplexityLowConditions required to exploitPrivileges RequiredNoneAuthentication level needed to attackUser InteractionNoneWhether a victim must take actionScopeUnchangedImpact beyond the vulnerable componentConfidentialityHighRisk of sensitive data exposureIntegrityHighRisk of unauthorized data modificationAvailabilityHighRisk of service disruptionnextguardhq.com · CVSS v3.1 Base Score
What do these metrics mean?
Attack Vector
Network — remotely exploitable over the internet. No physical or local access required. Widest attack surface.
Attack Complexity
Low — no special conditions required. Attacker can exploit reliably without depending on rare configurations or timing.
Privileges Required
None — unauthenticated. No login or credentials needed to exploit.
User Interaction
None — attack is automatic and silent. Victim does nothing: no click, no file open.
Scope
Unchanged — impact is limited to the vulnerable component itself.
Confidentiality
High — complete confidentiality loss. Attacker can read all data: credentials, keys, personal data.
Integrity
High — attacker can write, modify, or delete any data: databases, config files, or code.
Availability
High — complete crash or resource exhaustion. Full denial of service.

Affected Software

Componentmagicinfo-9-server
VendorSamsung Electronics
Affected rangeFixed in
21.1080.0 – 21.1080.021.1080.1

Weakness Classification (CWE)

CWE-22

Timeline

  1. Reserved
  2. Published
  3. Modified
  4. EPSS updated
Unpatched — 305 days since disclosure

Mitigation and Workarounds

The primary mitigation for CVE-2025-54438 is to upgrade to a patched version of Samsung MagicINFO 9 Server as soon as it becomes available. Until a patch is available, implement temporary mitigations to reduce the risk. These include implementing strict file upload validation to prevent the upload of malicious files, restricting file upload locations to a dedicated directory with limited permissions, and segmenting the network to isolate the MagicINFO 9 Server from other critical systems. Consider using a Web Application Firewall (WAF) to filter out malicious requests targeting the upload endpoint. Monitor file system activity for any unauthorized file uploads or modifications.

How to fix

Update MagicINFO 9 Server to a version later than 21.1080.0 to fix the Path Traversal vulnerability. Refer to the Samsung Electronics website for the latest version and update instructions.

CVE Security Newsletter

Vulnerability analysis and critical alerts directly to your inbox.

Frequently asked questions

What is CVE-2025-54438 — Path Traversal in Samsung MagicINFO 9 Server?

CVE-2025-54438 is a critical vulnerability allowing attackers to upload a web shell to Samsung MagicINFO 9 Server versions ≤21.1080.0, potentially leading to complete system compromise.

Am I affected by CVE-2025-54438 in Samsung MagicINFO 9 Server?

You are affected if you are using Samsung MagicINFO 9 Server versions prior to 21.1080.0. Immediately assess your environment and implement mitigations.

How do I fix CVE-2025-54438 in Samsung MagicINFO 9 Server?

Upgrade to a patched version of Samsung MagicINFO 9 Server as soon as it becomes available. Until then, implement strict file upload validation and network segmentation.

Is CVE-2025-54438 being actively exploited?

While no active campaigns are currently known, the vulnerability's severity and ease of exploitation suggest it is likely to be targeted. Monitor your systems closely.

Where can I find the official Samsung advisory for CVE-2025-54438?

Refer to the official Samsung Security Bulletin for MagicINFO 9 Server, which will be published on the Samsung Security website when available.

Is your project affected?

Upload your dependency file and we'll tell you instantly if this and other CVEs hit you.

Scan freeSearch CVEs