Platform
other
Component
magicinfo-9-server
Fixed in
21.1080.1
CVE-2025-54443 is a critical path traversal vulnerability in Samsung MagicINFO 9 Server. The server fails to confine an uploaded file's destination to its intended directory, so an attacker can write a web shell into a location the application server will execute and from there gain unauthorized access to and control of the host. The advisory text describes the affected versions as those prior to 21.1080.0, while the record above lists 21.1080.1 as the fixed release; treat any build below 21.1080.0 as affected and confirm the exact fixed build against Samsung's bulletin before closing the ticket. Samsung has shipped a fixed version, and interim mitigations are available while the upgrade is scheduled.
Successful exploitation lets an attacker write arbitrary files outside the upload directory, in particular web shells, without any authorization to do so. A web shell placed where the application server executes scripts gives arbitrary code execution with the privileges of the MagicINFO service account, which on a typical installation is enough for complete compromise of the host: reading the content and credentials it stores, altering its configuration, and using it as a foothold for persistent backdoors and lateral movement. The blast radius is every system and dataset reachable from the compromised server, including the digital signage displays it manages.
CVE-2025-54443 was publicly disclosed on 2025-07-23. Its CVSS score of 9.8 (CRITICAL) measures severity, not likelihood: the EPSS value recorded on this page (0.12%, 31st percentile) currently predicts a low probability of exploitation in the wild, and the CVE is not on the CISA KEV list. That assessment can change quickly. A 9.8 base score implies network reachability with no privileges or user interaction required, which makes a file upload on a management server an attractive target; public proof-of-concept code may appear, and a KEV listing would follow confirmed exploitation. Re-check EPSS and KEV when planning the patch window.
Organizations running Samsung MagicINFO 9 Server are at significant risk, above all where the server is reachable from the internet or where access to it is not restricted to the operators who need it. Multi-tenant deployments in which several business units or customers are served from one server instance are also exposed: a web shell planted through one tenant's upload compromises the whole host and therefore every tenant on it.
• other / server:
# Monitor MagicINFO 9 Server logs for upload requests carrying traversal sequences or web-shell file names
# (the log path is illustrative; adjust it to your installation and include the Tomcat access log if one exists)
grep -iE 'upload.*(\.\./|\.\.%2f|%2e%2e|\.jspx?)' /var/log/magicinfo/server.log
• other / server:
# Look for server-side script files under the upload directory, which should hold only content assets
# (the directory is illustrative; also check the application server's webapps/ROOT for recently written files)
find /opt/magicinfo/uploads -type f \( -iname '*.jsp' -o -iname '*.jspx' -o -iname '*.war' -o -iname '*.php' \) -exec ls -l {} +
disclosure
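The grep above only catches the literal patterns it names. The following is an added example, not code from the page or from Samsung, that shows the detection logic a practitioner would run over access logs: URL-decode each request repeatedly (so double-encoded traversal is not missed), flag any path segment that is `..`, and flag any path or query token that names a server-side script type. The log lines, the `/MagicInfo/upload` endpoint and the combined-log layout are constructed assumptions; MagicINFO's real log format is not documented here, so adapt `LOG_RE` to your own logs.

```python
import re
from typing import Dict, List, Optional
from urllib.parse import unquote

# Constructed sample log lines in a generic Apache/Tomcat combined access-log shape.
# They are NOT real MagicINFO 9 Server entries, and the upload endpoint path is an
# assumption; adapt LOG_RE and the path patterns to the log format of your install.
SAMPLE_LOG = """\
10.0.0.5 - - [23/Jul/2025:10:01:02 +0000] "POST /MagicInfo/upload?fileName=report.pdf HTTP/1.1" 200 512
10.0.0.9 - - [23/Jul/2025:10:01:10 +0000] "POST /MagicInfo/upload?fileName=..%2F..%2Fwebapps%2FROOT%2Fshell.jsp HTTP/1.1" 200 118
10.0.0.9 - - [23/Jul/2025:10:01:15 +0000] "GET /shell.jsp?cmd=whoami HTTP/1.1" 200 44
10.0.0.7 - - [23/Jul/2025:10:02:00 +0000] "POST /MagicInfo/upload?fileName=....//....//cmd.jspx HTTP/1.1" 500 0
10.0.0.7 - - [23/Jul/2025:10:02:05 +0000] "POST /MagicInfo/upload?fileName=%252e%252e%252fcmd.jspx HTTP/1.1" 200 118
10.0.0.3 - - [23/Jul/2025:10:02:30 +0000] "GET /MagicInfo/login.htm HTTP/1.1" 200 2048
"""

LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<path>\S+) [^"]*" (?P<status>\d{3})'
)

# Script types a Java (Tomcat) host would execute, plus common ones from other stacks.
WEBSHELL_EXT = (".jsp", ".jspx", ".jspf", ".war", ".php", ".aspx", ".ashx")


def decode_fully(value: str, max_rounds: int = 3) -> str:
    """URL-decode repeatedly so double-encoded traversal (%252e%252e%252f) is caught."""
    for _ in range(max_rounds):
        decoded = unquote(value)
        if decoded == value:
            break
        value = decoded
    return value


def has_traversal(decoded_path: str) -> bool:
    """True if the decoded path contains a '..' segment after normalising backslashes."""
    normalised = decoded_path.replace("\\", "/")
    # '....//' becomes '../' once a naive filter strips a single '../', so check the
    # raw '../' substring as well as exact '..' segments.
    return "../" in normalised or ".." in normalised.split("/")


def names_webshell(decoded_path: str) -> bool:
    """True if any path or query token ends in a server-side script extension."""
    tokens = re.split(r"[/?&=]", decoded_path.lower())
    return any(tok.endswith(WEBSHELL_EXT) for tok in tokens)


def classify(line: str) -> Optional[Dict]:
    """Parse one access-log line and attach the findings it triggers (None if unparseable)."""
    m = LOG_RE.match(line)
    if not m:
        return None
    decoded = decode_fully(m["path"])
    findings: List[str] = []
    if has_traversal(decoded):
        findings.append("path_traversal")
    if names_webshell(decoded):
        findings.append("webshell_extension")
    return {"ip": m["ip"], "method": m["method"], "path": decoded,
            "status": int(m["status"]), "findings": findings}


def scan(log_text: str) -> List[Dict]:
    """Return only the parsed entries that triggered at least one finding."""
    hits = []
    for line in log_text.splitlines():
        entry = classify(line)
        if entry and entry["findings"]:
            hits.append(entry)
    return hits


def suspect_ips(log_text: str) -> List[str]:
    """Source addresses worth blocking or investigating, sorted for stable output."""
    return sorted({h["ip"] for h in scan(log_text)})


if __name__ == "__main__":
    for hit in scan(SAMPLE_LOG):
        print(f'{hit["ip"]:10} {hit["method"]:4} {hit["status"]} {hit["findings"]} {hit["path"]}')
    print("suspect IPs:", suspect_ips(SAMPLE_LOG))
```

Note that the GET for `/shell.jsp?cmd=whoami` is flagged even though it carries no traversal: a request for a script file that should not exist is the follow-on activity after a successful upload, and a 200 on such a request is the strongest single indicator in this set.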
Exploit Status
EPSS
0.12% (31st percentile)
CISA SSVC
CVSS Vector
Upgrading to Samsung's fixed version is the definitive remedy; until it can be applied, the following reduce exposure. Remove the server from the internet and restrict access to the management interface and upload endpoints to the networks and operators that need them. Constrain file upload functionality as far as the product allows, limiting accepted file types and sizes. Put a Web Application Firewall in front of the server with rules that reject traversal sequences (../ in plain, encoded and double-encoded forms, and backslash variants) and file names with server-side script extensions such as .jsp in upload requests. Monitor server and access logs for unusual uploads and for requests to script files in directories that should hold only content. After applying mitigations, verify them by submitting a test upload whose file name carries a manipulated path and confirming that the request is rejected and that no file appears outside the upload directory.
Update MagicINFO 9 Server to a version later than 21.1080.0 to fix the path traversal vulnerability. Consult the Samsung website for the latest version and update instructions.
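To make the flaw class and the verification step concrete, here is an added example that is not Samsung's code and not the product's actual upload handler (MagicINFO is a Java application, so its real fix lives in servlet code; this Python models the logic). `resolve_vulnerable` joins the client-supplied file name to the upload root the way a vulnerable handler does; `resolve_hardened` reduces the name to one path component, allow-lists the extension and checks that the final path is still under the root. `audit` runs the same manipulated-name probes a mitigation test would send and reports which ones still produce a dangerous write. `UPLOAD_ROOT`, `ALLOWED_EXT` and the probe strings are assumptions constructed for the example.

```python
import posixpath
from typing import Callable, List
from urllib.parse import unquote

# Hypothetical upload root and allow-list; MagicINFO's real directory layout and its
# accepted content types are not documented on this page.
UPLOAD_ROOT = "/opt/magicinfo/uploads"
ALLOWED_EXT = {".png", ".jpg", ".jpeg", ".mp4", ".pdf"}

# Traversal probes of the kind a mitigation test should send (constructed here, not
# taken from any published exploit). A hardened handler must refuse or neutralise each.
PROBES = [
    "../../tomcat/webapps/ROOT/shell.jsp",              # plain traversal
    "..%2F..%2Ftomcat%2Fwebapps%2FROOT%2Fshell.jsp",    # URL-encoded slashes
    "%252e%252e%252fshell.jsp",                         # double-encoded dots
    "....//....//shell.jsp",                            # survives one-pass '../' stripping
    "..\\..\\tomcat\\webapps\\ROOT\\shell.jsp",         # Windows separators
    "/etc/cron.d/backdoor.png",                         # absolute path, allowed extension
    "shell.jsp",                                        # no traversal, executable type
]


def decode_fully(value: str, max_rounds: int = 3) -> str:
    """URL-decode until stable so double encoding cannot hide '../'."""
    for _ in range(max_rounds):
        decoded = unquote(value)
        if decoded == value:
            break
        value = decoded
    return value


def resolve_vulnerable(filename: str) -> str:
    """Models the flaw class: the client-supplied name is joined to the root unchanged
    (after the single URL-decode a web framework performs), so '../' and absolute
    paths escape UPLOAD_ROOT and any extension is accepted."""
    return posixpath.normpath(posixpath.join(UPLOAD_ROOT, unquote(filename)))


def resolve_hardened(filename: str) -> str:
    """Keep only the last path component, allow-list the extension, and verify the
    final path still sits under UPLOAD_ROOT; raise ValueError otherwise."""
    name = decode_fully(filename)
    if "\x00" in name:
        raise ValueError("NUL byte in file name")
    base = posixpath.basename(name.replace("\\", "/"))
    if base in ("", ".", ".."):
        raise ValueError("empty or relative file name")
    if posixpath.splitext(base)[1].lower() not in ALLOWED_EXT:
        raise ValueError(f"extension not allowed: {base}")
    candidate = posixpath.normpath(posixpath.join(UPLOAD_ROOT, base))
    if posixpath.commonpath([UPLOAD_ROOT, candidate]) != UPLOAD_ROOT:
        raise ValueError(f"resolved outside upload root: {candidate}")
    return candidate


def escapes_root(path: str) -> bool:
    """True if an absolute path is not inside UPLOAD_ROOT."""
    return posixpath.commonpath([UPLOAD_ROOT, path]) != UPLOAD_ROOT


def audit(resolver: Callable[[str], str], probes: List[str] = PROBES) -> List[str]:
    """Return the probes the resolver turns into a dangerous write: a path outside
    UPLOAD_ROOT or a file type the server could execute. A ValueError counts as a
    correct refusal, so an empty result is what a verified mitigation looks like."""
    failures = []
    for probe in probes:
        try:
            target = resolver(probe)
        except ValueError:
            continue
        if escapes_root(target) or posixpath.splitext(target)[1].lower() not in ALLOWED_EXT:
            failures.append(probe)
    return failures


if __name__ == "__main__":
    print("vulnerable resolver fails on:", audit(resolve_vulnerable))
    print("hardened resolver fails on:  ", audit(resolve_hardened))
    print("benign name resolves to:     ", resolve_hardened("report.pdf"))
```

The absolute-path probe is instructive: the hardened resolver does not reject it outright but stores it as `backdoor.png` inside the upload root, which is the safe outcome, so `audit` reports no failure for it. Running the same probe list against a live server (through its real upload request rather than these functions) is the verification step the mitigation paragraph calls for; a WAF rule set that stops every probe before it reaches the application is equivalent to the hardened resolver returning an empty list.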
CVE-2025-54443 is a critical path traversal vulnerability in Samsung MagicINFO 9 Server, affecting versions before 21.1080.0, that lets attackers upload web shells and can lead to full server compromise.
You are affected if you run a Samsung MagicINFO 9 Server build below 21.1080.0 (the record above lists 21.1080.1 as the fixed release; confirm the exact boundary against Samsung's bulletin). Assess your environment immediately and apply mitigations until the upgrade is complete.
The primary fix is to upgrade to the patched release of Samsung MagicINFO 9 Server. Until then, restrict network access to the server, constrain file uploads, and deploy a WAF.
Active exploitation has not been confirmed, and the EPSS value on this page (0.12%) currently predicts a low probability of it. The critical severity and public disclosure still justify prompt patching, since the picture can change quickly if a public exploit appears.
Refer to the official Samsung Security Bulletin for details and updates regarding CVE-2025-54443. Check the Samsung Security Response Center for the latest information.