Platform
other
Component
magicinfo-9-server
Fixed version
21.1080.1
CVE-2025-54443 is a critical path traversal vulnerability in Samsung MagicINFO 9 Server. It allows an attacker to write files outside the intended upload location and so place a web shell on the server, gaining unauthorized code execution and control. The advisory text gives the affected range as versions prior to 21.1080.0, while this page's fixed-version field lists 21.1080.1; confirm the exact fixed build against Samsung's bulletin before closing the finding. A fixed release is available; where the upgrade cannot be applied immediately, interim mitigations are described below.
Successful exploitation lets an attacker bypass the server's controls on where uploaded files are placed and write arbitrary files, specifically web shells, into locations the application will serve and execute. Through the web shell the attacker runs arbitrary code with the privileges of the MagicINFO 9 Server process, which in practice means reading and modifying signage content and configuration, harvesting credentials and data held on the server, installing a persistent backdoor, and using the host as a pivot for lateral movement. The blast radius therefore covers every display, dataset and network segment the compromised server can reach.
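To make the bug class concrete, the following added example (not MagicINFO code, and not a description of how Samsung's upload handler is written) shows a generic upload handler that joins a client-supplied filename onto its upload root, beside a hardened version that refuses anything but a plain file name with an expected extension and then re-checks containment. The upload root and the allowed extensions are assumptions; POSIX path functions are used so the behaviour is identical on any host.

```python
"""Path traversal in a file-upload handler: vulnerable join vs hardened check.

Added example for this advisory. It is generic and is not MagicINFO code.
UPLOAD_ROOT and ALLOWED_EXT are assumed values.
"""
import posixpath
import re

UPLOAD_ROOT = "/srv/signage/uploads"              # assumed upload directory
ALLOWED_EXT = {".png", ".jpg", ".jpeg", ".mp4"}   # assumed content types
# A plain file name: starts with an alphanumeric, no separators, no dot segments.
NAME_RE = re.compile(r"[A-Za-z0-9][A-Za-z0-9._-]{0,127}")


def vulnerable_target(filename):
    """The pattern that makes traversal possible: the client-controlled name is
    joined straight onto the root. '../' segments walk out of the directory,
    and an absolute component makes join() discard the root entirely, so the
    caller decides where the file lands."""
    return posixpath.normpath(posixpath.join(UPLOAD_ROOT, filename))


def is_under_root(path):
    """True only if the normalized path is UPLOAD_ROOT or something beneath it.
    commonpath() compares whole components, so '/srv/signage/uploads-x/..'
    is not mistaken for a child of the root."""
    norm = posixpath.normpath(path)
    return posixpath.commonpath([UPLOAD_ROOT, norm]) == UPLOAD_ROOT


def safe_target(filename):
    """Hardened version: reject anything that is not a plain file name, reject
    extensions the application does not need (a .jsp has no business in a
    media upload), then re-check containment as defence in depth."""
    if not NAME_RE.fullmatch(filename):
        raise ValueError(f"rejected filename: {filename!r}")
    if posixpath.splitext(filename)[1].lower() not in ALLOWED_EXT:
        raise ValueError(f"disallowed extension: {filename!r}")
    target = posixpath.join(UPLOAD_ROOT, filename)
    if not is_under_root(target):
        raise ValueError(f"path escapes upload root: {target!r}")
    return target


def rejects(filename):
    """True if safe_target() refuses the name."""
    try:
        safe_target(filename)
    except ValueError:
        return True
    return False


if __name__ == "__main__":
    for name in ["banner.png", "../../webapps/ROOT/cmd.jsp", "/tmp/cmd.jsp", "cmd.jsp"]:
        v = vulnerable_target(name)
        print(f"{name!r}: vulnerable handler writes to {v} (contained={is_under_root(v)})")
        print("    hardened handler:", "rejected" if rejects(name) else safe_target(name))
```

The two traversal inputs in the demo end up at `/srv/webapps/ROOT/cmd.jsp` and `/tmp/cmd.jsp` under the vulnerable join, which is exactly how a web shell reaches a directory the container will execute from; the hardened handler refuses both before the join, and `is_under_root` would catch any escape that slipped past the name check.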
CVE-2025-54443 was publicly disclosed on 2025-07-23. Its CVSS score of 9.8 (CRITICAL) describes the severity of a successful attack, not how likely attacks are; the likelihood measure on this page, EPSS, is 0.12% (31st percentile), the vulnerability is not currently listed on CISA KEV, and no public exploit is referenced here. Path traversal flaws are typically simple to weaponize, so public proof-of-concept code may appear; if it does, EPSS and the risk of opportunistic campaigns against exposed MagicINFO 9 Server instances will rise quickly, and KEV listing becomes more likely.
Any organization running Samsung MagicINFO 9 Server below the fixed release is exposed. The risk is highest where the server's web interface is reachable from the internet or from untrusted networks, and where several tenants or business units share a single server instance, because a web shell on that instance compromises everyone's content, credentials and connected displays at once.
• other / server:
# Monitor the MagicINFO 9 Server logs for upload requests and for traversal sequences ('../', '..\' and their URL-encoded forms).
# The log path is an example; substitute the actual install and log location.
grep -iE 'upload|\.\./|\.\.\\|%2e%2e' /var/log/magicinfo/server.log
• other / server:
# Look in the upload directories for files a web container could execute (web shells are typically .jsp/.jspx or .php). The directory is an example.
find /opt/magicinfo/uploads -type f \( -iname '*.jsp' -o -iname '*.jspx' -o -iname '*.php' \)
Exploitation status
disclosure
EPSS
0.12% (31st percentile)
CISA SSVC
none listed
CVSS vector
none listed
The definitive fix is upgrading to the patched release. Until the upgrade is scheduled, the controls available to the operator of a vendor product sit around the server rather than inside it. Restrict network access to the MagicINFO 9 Server web interface to management networks and known clients, and keep it off the internet. If the product allows it, limit the file types and sizes the upload feature accepts. Put a Web Application Firewall (WAF) or reverse proxy in front of the server and block upload requests whose path, query or filename parameter contains traversal sequences ('../', '..\' and URL-encoded or double-encoded variants such as %2e%2e%2f and %252e%252e%252f). Monitor the server logs for upload requests with path manipulation and watch content directories for newly created executable files (.jsp, .php). After applying these controls, verify them against a test instance, with authorization, by attempting to upload a benign file whose name carries a traversal sequence and confirming that the request is blocked and logged.
Update MagicINFO 9 Server to 21.1080.0 or a later release to fix the path traversal vulnerability. See the Samsung website for the latest version and update instructions.
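The log and filesystem checks above, generalized as an added example (it is not Samsung code): request targets are URL-decoded repeatedly so that double-encoded traversal sequences are caught, and the sweep flags any file in an upload tree whose extension a web container could execute. The combined-access-log format, the `/upload` endpoint and the extension list are assumptions, and the log lines are constructed for the demo; adapt all three to the real install.

```python
"""Log triage and upload-directory sweep for a MagicINFO 9 Server host.

Added example for this advisory, not Samsung code. Log format, the /upload
endpoint and SHELL_EXTENSIONS are assumptions; SAMPLE_LOG is constructed.
"""
import os
import re
import tempfile
import urllib.parse
from pathlib import Path

# '..' followed by either separator, matched after decoding.
TRAVERSAL_RE = re.compile(r"\.\.[\\/]")

# Extensions that would execute if dropped into a web-served directory.
SHELL_EXTENSIONS = {".jsp", ".jspx", ".jspf", ".war", ".php", ".aspx", ".ashx"}

# Constructed sample lines in combined access-log shape; '/upload' is hypothetical.
SAMPLE_LOG = [
    '10.0.0.5 - - [23/Jul/2025:10:01:02 +0000] "POST /upload?name=banner.png HTTP/1.1" 200 512',
    '10.0.0.9 - - [23/Jul/2025:10:01:07 +0000] "POST /upload?name=..%2F..%2Fwebapps%2FROOT%2Fcmd.jsp HTTP/1.1" 200 77',
    '10.0.0.9 - - [23/Jul/2025:10:01:09 +0000] "POST /upload?name=%252e%252e%252fcmd.jsp HTTP/1.1" 200 77',
    '10.0.0.7 - - [23/Jul/2025:10:02:00 +0000] "GET /content/list HTTP/1.1" 200 2048',
]


def fully_decode(s, rounds=3):
    """URL-decode until the string stops changing (bounded), so that %2e%2e%2f
    and the double-encoded %252e%252e%252f both become '../'."""
    for _ in range(rounds):
        decoded = urllib.parse.unquote(s)
        if decoded == s:
            break
        s = decoded
    return s


def suspicious_requests(log_lines):
    """Return (line_number, decoded_target) for every request whose path or
    query contains a traversal sequence after decoding."""
    hits = []
    for n, line in enumerate(log_lines, 1):
        m = re.search(r'"(?:GET|POST|PUT|PATCH)\s+(\S+)', line)
        if not m:
            continue
        target = fully_decode(m.group(1))
        if TRAVERSAL_RE.search(target):
            hits.append((n, target))
    return hits


def sweep_upload_dir(root):
    """Return files under root whose extension is in SHELL_EXTENSIONS. A signage
    upload tree should hold media and content only, so any hit deserves a look
    regardless of how innocent its name is."""
    return sorted(
        str(p) for p in Path(root).rglob("*")
        if p.is_file() and p.suffix.lower() in SHELL_EXTENSIONS
    )


def demo_sweep():
    """Build a throwaway upload tree with one planted .jsp and sweep it."""
    with tempfile.TemporaryDirectory() as d:
        media = Path(d) / "media"
        media.mkdir()
        (media / "banner.png").write_bytes(b"\x89PNG\r\n")
        (media / "cmd.jsp").write_text("<%-- planted placeholder, inert --%>")
        (Path(d) / "readme.txt").write_text("media only")
        return [os.path.basename(p) for p in sweep_upload_dir(d)]


if __name__ == "__main__":
    for n, target in suspicious_requests(SAMPLE_LOG):
        print(f"line {n}: traversal sequence in {target}")
    print("executable files in upload tree:", demo_sweep())
```

Run against a real log, `suspicious_requests` is the filter to apply before anything else: a single decoded `../` in an upload request on an unpatched server is a strong indicator, and the corresponding `sweep_upload_dir` hit tells you whether the write succeeded and what to pull for analysis.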
CVE-2025-54443 is a critical path traversal vulnerability in Samsung MagicINFO 9 Server versions before 21.1080.0. It lets an attacker upload a web shell to the server, which can lead to full server compromise.
You are affected if you run Samsung MagicINFO 9 Server at a version before 21.1080.0 (this page's fixed-version field lists 21.1080.1; confirm the exact fixed build against Samsung's bulletin). Inventory your deployments, schedule the upgrade, and apply the mitigations above until it is done.
The fix is to upgrade to the patched release of Samsung MagicINFO 9 Server (21.1080.0 or later, per the advisory text). Until the upgrade is complete, restrict network access to the server, block traversal sequences in upload requests at a WAF or reverse proxy, and monitor for web shells.
Active exploitation is not confirmed on this page: the vulnerability is not on CISA KEV and its EPSS is 0.12% (31st percentile). The CVSS 9.8 score describes impact, not likelihood; likelihood rises sharply if a public exploit appears, so treat internet-facing instances as urgent regardless.
Refer to the official Samsung Security Bulletin for details and updates regarding CVE-2025-54443. Check the Samsung Security Response Center for the latest information.