Platform
other
Component
magicinfo-9-server
Fixed version
21.1080.1
CVE-2025-54443 identifies a critical Path Traversal vulnerability affecting Samsung MagicINFO 9 Server. This flaw allows attackers to upload malicious web shells to the server, granting them unauthorized access and control. The vulnerability impacts versions of MagicINFO 9 Server prior to 21.1080.0. A patch is expected from Samsung, and interim mitigations are available.
The Path Traversal vulnerability in MagicINFO 9 Server presents a severe risk. Successful exploitation allows an attacker to bypass access controls and upload arbitrary files, specifically web shells. These web shells can then be used to execute arbitrary code on the server, leading to complete system compromise. An attacker could gain full control over the MagicINFO 9 Server, potentially accessing sensitive data, modifying configurations, and launching further attacks against other systems on the network. The blast radius extends to any data or services accessible through the compromised server, and the ability to execute code opens the door to persistent backdoors and lateral movement within the network.
CVE-2025-54443 was publicly disclosed on 2025-07-23. The CVSS score of 9.8 (CRITICAL) indicates a high probability of exploitation. Public proof-of-concept exploits are likely to emerge, increasing the risk. It is not currently listed on CISA KEV, but given the severity, it may be added in the future. Active campaigns targeting MagicINFO 9 Server are possible, particularly if readily available exploits are published.
Organizations utilizing Samsung MagicINFO 9 Server, particularly those with internet-facing deployments or those lacking robust access controls, are at significant risk. Shared hosting environments where multiple users share the same server instance are also vulnerable, as a compromise of one user's MagicINFO 9 Server could potentially impact others.
• other / server:
  # Monitor MagicINFO 9 Server logs for unusual file uploads or access attempts
  grep -i 'upload' /var/log/magicinfo/server.log
• other / server:
  # Check for the presence of suspicious web shell files (e.g., .php, .jsp) in upload directories
  find /opt/magicinfo/uploads \( -name '*.php' -o -name '*.jsp' \)
Disclosure
Exploit status
EPSS
0.12% (31st percentile)
CISA SSVC
CVSS vector
While a patch from Samsung is the definitive solution, several mitigations can reduce the risk until the upgrade is possible. First, strictly restrict file upload functionality within MagicINFO 9 Server, limiting allowed file types and sizes. Implement robust input validation to prevent path manipulation attempts. Consider deploying a Web Application Firewall (WAF) to filter malicious requests and block attempts to upload web shells. Regularly monitor server logs for suspicious activity, such as unusual file uploads or unexpected code execution. After applying mitigations, verify their effectiveness by attempting to upload a test file with a manipulated path.
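The two defender-side pieces of the advice above, the log check from the monitoring commands and the server-side input validation from the mitigation list, as an added example that is not part of this advisory and not Samsung's code. The upload root reuses the /opt/magicinfo/uploads path named in the commands above; the extension allowlist and the log line format are constructed for illustration and may not match a real MagicINFO 9 deployment. The validator rejects the "test file with a manipulated path" the text says to try after mitigating, in both literal and percent-encoded form.

```python
"""Added example (not part of the advisory or Samsung's code).

Two defender-side checks for the MagicINFO 9 upload scenario:
  1. validate_upload(): server-side filename validation that rejects path
     manipulation and non-allowlisted extensions before a file is written.
  2. find_suspicious_uploads(): a log sweep that flags upload records that
     carry traversal sequences or web-shell extensions.

The allowlist and the sample log format are assumptions for illustration.
"""
import os
import re
from typing import List, Tuple
from urllib.parse import unquote

# Constructed allowlist of content a signage server would plausibly accept.
ALLOWED_EXTENSIONS = {".png", ".jpg", ".jpeg", ".gif", ".mp4", ".pdf"}


def validate_upload(upload_root: str, submitted_name: str) -> Tuple[bool, str]:
    """Return (True, absolute target path) or (False, rejection reason).

    The name is checked in its decoded form, so percent-encoded traversal
    (%2e%2e%2f) is caught as well as the literal '../'.
    """
    name = unquote(submitted_name)
    if not name or name in (".", ".."):
        return False, "empty or dot-only filename"
    if "\x00" in name:
        return False, "NUL byte in filename"
    # Any separator means the client supplied a directory component; a
    # legitimate upload only ever names a file.
    if "/" in name or "\\" in name:
        return False, "path separator in filename"
    ext = os.path.splitext(name)[1].lower()
    if ext not in ALLOWED_EXTENSIONS:
        return False, f"extension {ext or '(none)'} not on allowlist"
    # Defence in depth: confirm the resolved location is still inside the
    # upload root (realpath follows symlinks and collapses '..').
    root = os.path.realpath(upload_root)
    target = os.path.realpath(os.path.join(root, name))
    if os.path.commonpath([root, target]) != root:
        return False, "resolved path escapes upload root"
    return True, target


# Traversal sequences in literal and single-percent-encoded forms.
TRAVERSAL_RE = re.compile(r"\.\.[/\\]|%2e%2e(?:%2f|%5c|/)|\.\.%2f", re.IGNORECASE)
# Extensions the application container would execute if they were served.
WEBSHELL_RE = re.compile(r"\.(?:jsp|jspx|php|phtml|aspx?|war)(?=$|[\s\"'?&])", re.IGNORECASE)

# Constructed sample log lines; the real server log format may differ.
SAMPLE_LOG = """\
2025-07-24 10:01:12 INFO  upload ok user=kiosk1 file=banner.png
2025-07-24 10:02:45 INFO  upload ok user=admin file=../../www/x.jsp
2025-07-24 10:03:01 INFO  login ok user=kiosk1
2025-07-24 10:04:17 INFO  upload ok user=guest file=%2e%2e%2f%2e%2e%2fwww%2fx.jsp
2025-07-24 10:05:33 INFO  upload ok user=kiosk2 file=promo.mp4
"""


def find_suspicious_uploads(log_text: str) -> List[Tuple[str, List[str]]]:
    """Return (line, reasons) for upload lines showing traversal or web-shell names."""
    hits = []
    for line in log_text.splitlines():
        if "upload" not in line.lower():
            continue
        reasons = []
        if TRAVERSAL_RE.search(line):
            reasons.append("path-traversal")
        if WEBSHELL_RE.search(line):
            reasons.append("webshell-extension")
        if reasons:
            hits.append((line, reasons))
    return hits


if __name__ == "__main__":
    root = "/opt/magicinfo/uploads"  # upload directory named in the advisory's commands
    for candidate in ("banner.png", "../../x.png", "%2e%2e%2fx.png", "shell.jsp", "logo.PNG"):
        print(f"{candidate!r:22} -> {validate_upload(root, candidate)}")
    for line, reasons in find_suspicious_uploads(SAMPLE_LOG):
        print(reasons, line)
```

The validator deliberately treats any separator as a rejection rather than stripping it out: sanitising by removal leaves room for double-encoding and normalisation mistakes, while rejecting keeps the accepted set small enough to reason about. The realpath containment check is a second line, not a replacement, because the upload root itself may sit behind a symlink. In the log sweep, the grep-style filter on "upload" mirrors the monitoring command above and keeps the regexes scoped to the events that matter.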
To fix the Path Traversal vulnerability, update MagicINFO 9 Server to a version later than 21.1080.0. Refer to the Samsung website for the latest version and the update procedure.
CVE-2025-54443 is a critical vulnerability allowing attackers to upload web shells via Path Traversal in Samsung MagicINFO 9 Server versions before 21.1080.0, potentially leading to full server compromise.
You are affected if you are running Samsung MagicINFO 9 Server versions less than or equal to 21.1080.0. Immediately assess your environment and apply mitigations.
The primary fix is to upgrade to a patched version of Samsung MagicINFO 9 Server as soon as it becomes available. Until then, implement mitigations like restricting file uploads and deploying a WAF.
While active exploitation is not yet confirmed, the high CVSS score and public disclosure suggest a high probability of exploitation, especially with the emergence of public exploits.
Refer to the official Samsung Security Bulletin for details and updates regarding CVE-2025-54443. Check the Samsung Security Response Center for the latest information.