Platform: other
Component: magicinfo-9-server
Fixed in: 21.1080.1
CVE-2025-54446 describes a Path Traversal vulnerability affecting Samsung MagicINFO 9 Server. This vulnerability allows an attacker to upload a web shell, granting them unauthorized access and control over the affected server. The vulnerability impacts versions of MagicINFO 9 Server prior to 21.1080.0. A patch is available from Samsung; upgrading to version 21.1080.0 is the recommended solution.
The primary impact of CVE-2025-54446 is the ability for an attacker to upload a web shell to the MagicINFO 9 Server. A web shell is a malicious script that provides an attacker with remote command execution capabilities. Successful exploitation allows an attacker to gain complete control over the server, including the ability to read, modify, and delete sensitive data, install malware, and potentially pivot to other systems on the network. The blast radius extends to any data stored or processed by the MagicINFO 9 Server, and the server could be used as a launchpad for further attacks within the organization. This vulnerability shares similarities with other web shell upload vulnerabilities, where attackers leverage insufficient input validation to bypass security controls.
CVE-2025-54446 was publicly disclosed on 2025-07-23. Its severity is rated as CRITICAL (CVSS 9.8). There is currently no indication of active exploitation campaigns or public proof-of-concept exploits. The vulnerability has been added to the CISA KEV catalog, indicating a potential risk to federal executive branch agencies. Monitor security advisories and threat intelligence feeds for updates.
Organizations utilizing Samsung MagicINFO 9 Server for digital signage or information display systems are at risk. This includes businesses with multiple deployments, those using older, unpatched versions of the software, and environments with limited security monitoring capabilities. Shared hosting environments where MagicINFO is installed could also be vulnerable if the hosting provider has not applied the patch.
• windows / supply-chain: Monitor scheduled tasks for suspicious scripts. Check registry keys related to MagicINFO for unauthorized modifications.
Get-ScheduledTask | Where-Object {$_.TaskName -like "*magicinfo*"}
• linux / server: Monitor system logs for file upload attempts to the MagicINFO directory. Use auditd to track file access and modification events.
auditctl -w /opt/magicinfo/ -p wa -k magicinfo_upload
• generic web: Monitor web server access logs for requests containing path traversal sequences (e.g., ../). Use a WAF to block requests with suspicious patterns.
grep -F '../' /var/log/apache2/access.log
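A literal grep for ../ misses the same sequence when it arrives percent-encoded (..%2F) or double-encoded (%252e%252e%252f), which a web server will decode before the file is written. The following is an added detection example, not part of this advisory or of any Samsung tooling: it parses Apache combined-format access lines, peels the encoding layers off the request target, flags any request whose decoded target contains a traversal sequence, and tallies hits per client, separating requests the server answered with a 2xx from those it refused. The five log lines are constructed; the /upload path and its name parameter are placeholders, not a documented MagicINFO endpoint.

```python
import re
from urllib.parse import unquote

# Constructed sample lines in Apache combined log format (not real traffic).
# The /upload path and query parameter are placeholders, not a documented MagicINFO endpoint.
SAMPLE_LOG = """\
203.0.113.5 - - [23/Jul/2025:10:01:02 +0000] "GET /MagicInfo/index.html HTTP/1.1" 200 512 "-" "Mozilla/5.0"
203.0.113.9 - - [23/Jul/2025:10:01:07 +0000] "POST /upload?name=../../../x.jsp HTTP/1.1" 200 31 "-" "curl/8.0"
203.0.113.9 - - [23/Jul/2025:10:01:09 +0000] "POST /upload?name=..%2F..%2Fy.jsp HTTP/1.1" 200 31 "-" "curl/8.0"
203.0.113.9 - - [23/Jul/2025:10:01:11 +0000] "POST /upload?name=%252e%252e%252fz.jsp HTTP/1.1" 403 0 "-" "curl/8.0"
198.51.100.2 - - [23/Jul/2025:10:02:00 +0000] "GET /MagicInfo/content/logo.png HTTP/1.1" 200 8041 "-" "Mozilla/5.0"
"""

LINE_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>\S+) (?P<target>\S+)[^"]*" (?P<status>\d{3})'
)
# ".." followed by a slash, backslash or end of string, checked after decoding
TRAVERSAL_RE = re.compile(r'\.\.(?:[\\/]|$)')


def decode_layers(value, max_rounds=3):
    """Peel up to max_rounds layers of percent-encoding, so %2e%2e%2f and
    double-encoded %252e%252e%252f both normalise to '../'."""
    for _ in range(max_rounds):
        decoded = unquote(value)
        if decoded == value:
            break
        value = decoded
    return value


def find_traversal(log_text):
    """Return one dict per request whose decoded target contains a traversal sequence."""
    hits = []
    for lineno, line in enumerate(log_text.splitlines(), start=1):
        m = LINE_RE.match(line)
        if not m:
            continue  # unparseable line; in production, count these rather than drop them silently
        decoded = decode_layers(m.group('target'))
        if TRAVERSAL_RE.search(decoded):
            hits.append({
                'line': lineno,
                'ip': m.group('ip'),
                'method': m.group('method'),
                'status': int(m.group('status')),
                'raw_target': m.group('target'),
                'decoded_target': decoded,
            })
    return hits


def hits_by_source(hits):
    """Count traversal attempts per client IP, split by whether the server answered 2xx.
    A 2xx on such a request is the signal to escalate: it suggests the path was accepted."""
    counts = {}
    for h in hits:
        key = (h['ip'], h['status'] // 100 == 2)
        counts[key] = counts.get(key, 0) + 1
    return counts


if __name__ == '__main__':
    found = find_traversal(SAMPLE_LOG)
    for h in found:
        print(f"line {h['line']}: {h['ip']} {h['method']} {h['raw_target']} "
              f"-> {h['decoded_target']} ({h['status']})")
    print(hits_by_source(found))
```

On the constructed sample the plain grep above would report only line 2; the decoder also surfaces lines 3 and 4. Feed real logs in with `find_traversal(open(path).read())` and treat any 2xx hit as a trigger to inspect the upload directory from the auditd rule above.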
EPSS: 0.12% (31st percentile)
The primary mitigation for CVE-2025-54446 is to upgrade MagicINFO 9 Server to version 21.1080.0 or later. If upgrading is not immediately feasible, consider implementing temporary workarounds. These may include restricting file upload functionality to trusted sources only, implementing strict input validation on all file uploads, and enabling web application firewall (WAF) rules to detect and block suspicious file upload attempts. Monitor server logs for unusual activity, particularly related to file uploads and execution. After upgrading, confirm the fix by attempting a file upload via the vulnerable endpoint and verifying that the upload is rejected.
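The "strict input validation on all file uploads" workaround is easy to get wrong, so here is an added example of what it should look like; this is illustrative code, not Samsung's fix or MagicINFO's own upload handler. It places the vulnerable pattern (joining the client-supplied filename onto the upload root) beside a hardened version that accepts only a single allowlisted path component with an allowlisted extension, and then re-checks that the final path still sits under the root. The upload root and the extension allowlist are placeholders chosen for the example.

```python
import posixpath
import re

UPLOAD_ROOT = "/srv/magicinfo/uploads"   # placeholder upload root, not MagicINFO's actual directory
ALLOWED_EXT = {".jpg", ".png", ".mp4"}    # hypothetical allowlist of media the signage server should accept
# Exactly one path component: no separators, no leading dot, no NUL/control/percent characters
SAFE_NAME_RE = re.compile(r"^[A-Za-z0-9][A-Za-z0-9._-]{0,99}$")


class UploadRejected(ValueError):
    """Raised when a client-supplied filename fails validation."""


def naive_join(root, client_filename):
    """The vulnerable pattern: the client's name is trusted as a relative path,
    so '../' components walk out of the upload root."""
    return posixpath.normpath(posixpath.join(root, client_filename))


def is_inside(root, path):
    """True if path is root itself or lies strictly beneath it."""
    root = posixpath.normpath(root)
    path = posixpath.normpath(path)
    return path == root or path.startswith(root + "/")


def safe_upload_path(root, client_filename):
    """Hardened pattern: reject anything that is not a plain allowlisted filename,
    then re-check the final path as defence in depth."""
    # Validate the name exactly as received (after the framework's URL decoding):
    # separators, '..', NUL bytes and leading dots all fail the allowlist regex.
    if not SAFE_NAME_RE.fullmatch(client_filename):
        raise UploadRejected(f"filename not in allowlist form: {client_filename!r}")
    ext = posixpath.splitext(client_filename)[1].lower()
    if ext not in ALLOWED_EXT:
        raise UploadRejected(f"extension not allowed: {ext!r}")
    target = posixpath.normpath(posixpath.join(root, client_filename))
    # Redundant after the regex, but it catches future regressions in the checks above.
    if not is_inside(root, target) or posixpath.dirname(target) != posixpath.normpath(root):
        raise UploadRejected(f"resolved outside upload root: {target}")
    return target


def classify(root, names):
    """Run both patterns over a list of names; returns {name: (naive_result, safe_result)}."""
    out = {}
    for n in names:
        try:
            safe = safe_upload_path(root, n)
        except UploadRejected as e:
            safe = f"rejected: {e}"
        out[n] = (naive_join(root, n), safe)
    return out


if __name__ == "__main__":
    samples = ["logo.png", "../../../tmp/x.jsp", "shell.jsp", "shell.jsp\x00.png"]
    for name, (naive, safe) in classify(UPLOAD_ROOT, samples).items():
        print(f"{name!r}\n  naive: {naive}\n  safe:  {safe}")
```

The design choice worth noting is rejection rather than sanitisation: stripping "../" out of a name and carrying on silently hides the attempt from logs and leaves room for encoding tricks, whereas a hard reject produces exactly the log event the monitoring section above looks for.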
Update Samsung Electronics MagicINFO 9 Server to version 21.1080.0 or higher. This corrects the Path Traversal vulnerability that makes it possible to upload a Web Shell to the web server.
CVE-2025-54446 is a critical vulnerability allowing attackers to upload web shells to Samsung MagicINFO 9 Server versions before 21.1080.0, potentially leading to full server compromise.
You are affected if you are running Samsung MagicINFO 9 Server versions prior to 21.1080.0. Check your version and upgrade immediately.
Upgrade to version 21.1080.0 or later. If immediate upgrade is not possible, implement temporary workarounds like restricting file uploads and enabling WAF rules.
There is currently no confirmed active exploitation, but the vulnerability is rated CRITICAL and has been added to the CISA KEV catalog, indicating potential risk.
Refer to the official Samsung Security Bulletin for details and updates regarding CVE-2025-54446. Check the Samsung Security Response Center website.