Platform
other
Component
magicinfo-9-server
Fixed in
21.1080.1
CVE-2025-54443 identifies a critical Path Traversal vulnerability affecting Samsung MagicINFO 9 Server. This flaw allows attackers to upload malicious web shells to the server, granting them unauthorized access and control. The vulnerability impacts versions of MagicINFO 9 Server prior to 21.1080.0. A patch is expected from Samsung, and interim mitigations are available.
The Path Traversal vulnerability in MagicINFO 9 Server presents a severe risk. Successful exploitation allows an attacker to bypass access controls and upload arbitrary files, specifically web shells. These web shells can then be used to execute arbitrary code on the server, leading to complete system compromise. An attacker could gain full control over the MagicINFO 9 Server, potentially accessing sensitive data, modifying configurations, and launching further attacks against other systems on the network. The blast radius extends to any data or services accessible through the compromised server, and the ability to execute code opens the door to persistent backdoors and lateral movement within the network.
CVE-2025-54443 was publicly disclosed on 2025-07-23. The CVSS score of 9.8 (CRITICAL) indicates a high probability of exploitation. Public proof-of-concept exploits are likely to emerge, increasing the risk. It is not currently listed on CISA KEV, but given the severity, it may be added in the future. Active campaigns targeting MagicINFO 9 Server are possible, particularly if readily available exploits are published.
Exploit Status
EPSS
0.12% (31% percentile)
CISA SSVC
CVSS Vector
While a patch from Samsung is the definitive solution, several mitigations can reduce the risk until the upgrade is possible. First, strictly restrict file upload functionality within MagicINFO 9 Server, limiting allowed file types and sizes. Implement robust input validation to prevent path manipulation attempts. Consider deploying a Web Application Firewall (WAF) to filter malicious requests and block attempts to upload web shells. Regularly monitor server logs for suspicious activity, such as unusual file uploads or unexpected code execution. After applying mitigations, verify their effectiveness by attempting to upload a test file with a manipulated path.
Update MagicINFO 9 Server to a version later than 21.1080.0 to fix the Path Traversal vulnerability. Refer to the Samsung website for the latest version and update instructions.
Vulnerability analysis and critical alerts directly to your inbox.
CVE-2025-54443 is a critical vulnerability allowing attackers to upload web shells via Path Traversal in Samsung MagicINFO 9 Server versions before 21.1080.0, potentially leading to full server compromise.
You are affected if you are running Samsung MagicINFO 9 Server versions less than or equal to 21.1080.0. Immediately assess your environment and apply mitigations.
The primary fix is to upgrade to a patched version of Samsung MagicINFO 9 Server as soon as it becomes available. Until then, implement mitigations like restricting file uploads and deploying a WAF.
While active exploitation is not yet confirmed, the high CVSS score and public disclosure suggest a high probability of exploitation, especially with the emergence of public exploits.
Refer to the official Samsung Security Bulletin for details and updates regarding CVE-2025-54443. Check the Samsung Security Response Center for the latest information.
Upload your dependency file and we'll tell you instantly if this and other CVEs hit you.