Platform
other
Component
magicinfo-9-server
Fixed in
21.1080.1
CVE-2025-54451 describes a Code Injection vulnerability affecting Samsung MagicINFO 9 Server. This flaw allows attackers to inject arbitrary code, potentially leading to complete system compromise. The vulnerability impacts versions of MagicINFO 9 Server prior to 21.1080.0. A patch is available from Samsung.
The Code Injection vulnerability in MagicINFO 9 Server presents a severe risk. An attacker could leverage this flaw to execute arbitrary code on the server, gaining complete control over the system. This could involve data theft, modification, or deletion, as well as the installation of malware. Given MagicINFO's role in digital signage deployments, attackers could potentially manipulate displayed content, leading to disinformation campaigns or disruption of services. The blast radius extends to any system relying on the compromised MagicINFO server.
This vulnerability has a CRITICAL CVSS score of 9.8, indicating a high likelihood of exploitation. Public proof-of-concept exploits are not currently available, but the severity of the vulnerability suggests it may become a target for attackers. The vulnerability was publicly disclosed on 2025-07-23. It is not currently listed on CISA KEV.
Exploit Status
EPSS
0.06% (19% percentile)
CISA SSVC
CVSS Vector
The primary mitigation for CVE-2025-54451 is to upgrade MagicINFO 9 Server to version 21.1080.0 or later. If immediate upgrading is not possible, consider implementing strict input validation and sanitization on any data processed by the server. Network segmentation can limit the potential impact of a successful attack. Monitor MagicINFO server logs for suspicious activity, particularly code execution attempts. After upgrade, confirm the fix by attempting to trigger the vulnerability with known attack vectors and verifying that the server rejects the input.
Update MagicINFO 9 Server to version 21.1080.0 or later. This update fixes the code injection vulnerability.
Vulnerability analysis and critical alerts directly to your inbox.
CVE-2025-54451 is a critical vulnerability allowing code injection in Samsung MagicINFO 9 Server versions before 21.1080.0, enabling attackers to execute arbitrary code.
You are affected if you are using Samsung MagicINFO 9 Server versions less than or equal to 21.1080.0. Check your version and upgrade immediately.
Upgrade to version 21.1080.0 or later. Implement input validation as a temporary workaround if upgrading is not immediately possible.
While no public exploits are currently available, the high severity suggests potential for exploitation. Monitor your systems closely.
Refer to the official Samsung Security Bulletin for details and updates on CVE-2025-54451: [https://security.samsung.com/ (replace with actual URL when available)]
Upload your dependency file and we'll tell you instantly if this and other CVEs hit you.