Platform
other
Component
magicinfo-9-server
Fixed in
21.1080.1
CVE-2025-54446 describes a Path Traversal vulnerability affecting Samsung MagicINFO 9 Server. This vulnerability allows an attacker to upload a web shell, granting them unauthorized access and control over the affected server. The vulnerability impacts versions of MagicINFO 9 Server prior to 21.1080.0. A patch is available from Samsung, upgrading to version 21.1080.0 is the recommended solution.
The primary impact of CVE-2025-54446 is the ability for an attacker to upload a web shell to the MagicINFO 9 Server. A web shell is a malicious script that provides an attacker with remote command execution capabilities. Successful exploitation allows an attacker to gain complete control over the server, including the ability to read, modify, and delete sensitive data, install malware, and potentially pivot to other systems on the network. The blast radius extends to any data stored or processed by the MagicINFO 9 Server, and the server could be used as a launchpad for further attacks within the organization. This vulnerability shares similarities with other web shell upload vulnerabilities, where attackers leverage insufficient input validation to bypass security controls.
CVE-2025-54446 was publicly disclosed on 2025-07-23. Its severity is rated as CRITICAL (CVSS 9.8). There is currently no indication of active exploitation campaigns or public proof-of-concept exploits. The vulnerability has been added to the CISA KEV catalog, indicating a potential risk to federal executive branch agencies. Monitor security advisories and threat intelligence feeds for updates.
Exploit Status
EPSS
0.12% (31% percentile)
CISA SSVC
CVSS Vector
The primary mitigation for CVE-2025-54446 is to upgrade MagicINFO 9 Server to version 21.1080.0 or later. If upgrading is not immediately feasible, consider implementing temporary workarounds. These may include restricting file upload functionality to trusted sources only, implementing strict input validation on all file uploads, and enabling web application firewall (WAF) rules to detect and block suspicious file upload attempts. Monitor server logs for unusual activity, particularly related to file uploads and execution. After upgrading, confirm the fix by attempting a file upload via the vulnerable endpoint and verifying that the upload is rejected.
Update Samsung Electronics MagicINFO 9 Server to version 21.1080.0 or later. This corrects the Path Traversal vulnerability that allows uploading a Web Shell to the web server.
Vulnerability analysis and critical alerts directly to your inbox.
CVE-2025-54446 is a critical vulnerability allowing attackers to upload web shells to Samsung MagicINFO 9 Server versions before 21.1080.0, potentially leading to full server compromise.
You are affected if you are running Samsung MagicINFO 9 Server versions prior to 21.1080.0. Check your version and upgrade immediately.
Upgrade to version 21.1080.0 or later. If immediate upgrade is not possible, implement temporary workarounds like restricting file uploads and enabling WAF rules.
There is currently no confirmed active exploitation, but the vulnerability is rated CRITICAL and has been added to the CISA KEV catalog, indicating potential risk.
Refer to the official Samsung Security Bulletin for details and updates regarding CVE-2025-54446. Check the Samsung Security Response Center website.
Upload your dependency file and we'll tell you instantly if this and other CVEs hit you.