CVE-2025-54448

Samsung Electronics · MagicINFO 9 Server

An unrestricted file upload vulnerability in the Samsung MagicINFO 9 Server allows remote attackers to perform code injection.

Executive summary

A critical code injection vulnerability in Samsung MagicINFO 9 Server allows unauthenticated attackers to execute arbitrary code via unrestricted file uploads.

Vulnerability

This vulnerability involves the unrestricted upload of dangerous file types, enabling an unauthenticated attacker to inject and execute malicious code on the target server.

Business impact

With a CVSS score of 9.8, this vulnerability poses a severe risk to organizational infrastructure. Successful exploitation grants an attacker full control over the affected server, which may result in data exfiltration, system destruction, or the deployment of ransomware.

Remediation

Immediate Action: Apply the patch provided by Samsung Electronics to update the MagicINFO 9 Server to version 21.1080.0 or later.

Proactive Monitoring: Monitor server directories for unauthorized executable files and review access logs for unexpected POST requests.

Compensating Controls: Utilize a WAF to restrict file uploads and inspect incoming traffic for malicious payloads.
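The two monitoring steps above (watch upload directories for executable content, review access logs for unexpected POST requests) can be turned into a small scheduled check. The following Python script is an added example, not Samsung's code and not part of the MagicINFO product; the combined access-log format, the `/upload` path, the `filename=` query parameter and the extension list are assumptions for illustration, since the advisory does not name the real endpoints or directories. The sample log lines are constructed.

```python
"""Added example (not Samsung's code): two defender-side checks that support
the advisory's monitoring guidance.

1. scan_access_log(): flag successful (2xx) POST requests whose path or
   uploaded filename carries a script/executable extension.
2. find_unexpected_files(): walk a directory tree and report files with
   script/executable extensions that are not on an allow-list.

The log format, the /upload path and the filename= parameter are assumptions;
the real MagicINFO endpoints and directories are not given in the advisory.
"""
import os
import re
from pathlib import Path

# Extensions a content-upload directory on a web server should not contain.
DANGEROUS_EXT = {".jsp", ".jspx", ".war", ".jar", ".php", ".aspx", ".sh", ".exe", ".dll"}

# Apache/nginx combined log format: ip - user [time] "METHOD path HTTP/x" status bytes
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<path>\S+) [^"]*" (?P<status>\d{3}) (?P<size>\S+)'
)

# Hypothetical: some upload handlers pass the target name as a query parameter.
FILENAME_PARAM_RE = re.compile(r'[?&](?:file|filename|name)=([^&]+)')


def _has_dangerous_ext(name: str) -> bool:
    """True if the path (query string stripped) ends in a risky extension."""
    return Path(name.split("?", 1)[0]).suffix.lower() in DANGEROUS_EXT


def scan_access_log(lines):
    """Return (ip, timestamp, path) for accepted POST requests that look like
    uploads of script/executable content. Only 2xx responses are reported,
    because those are the uploads the server actually stored."""
    hits = []
    for line in lines:
        m = LOG_RE.match(line)
        if not m:
            continue  # skip malformed lines instead of aborting the scan
        if m["method"] != "POST" or not m["status"].startswith("2"):
            continue
        path = m["path"]
        q = FILENAME_PARAM_RE.search(path)
        fname = q.group(1) if q else ""
        if _has_dangerous_ext(path) or (fname and _has_dangerous_ext(fname)):
            hits.append((m["ip"], m["ts"], path))
    return hits


def find_unexpected_files(root, allowed_names=frozenset()):
    """Return sorted relative paths under root whose extension is in
    DANGEROUS_EXT and whose file name is not explicitly allowed."""
    root = Path(root)
    found = []
    for dirpath, _dirs, files in os.walk(root):
        for f in files:
            if f in allowed_names:
                continue
            if Path(f).suffix.lower() in DANGEROUS_EXT:
                found.append(str(Path(dirpath, f).relative_to(root)))
    return sorted(found)


# Constructed sample log lines (not real traffic).
SAMPLE_LOG = [
    '10.0.0.5 - - [01/Aug/2025:10:00:01 +0000] "GET /index.html HTTP/1.1" 200 512',
    '10.0.0.7 - - [01/Aug/2025:10:00:02 +0000] "POST /upload?filename=cmd.jsp HTTP/1.1" 200 91',
    '10.0.0.7 - - [01/Aug/2025:10:00:03 +0000] "POST /upload?filename=logo.png HTTP/1.1" 200 2048',
    '10.0.0.9 - - [01/Aug/2025:10:00:04 +0000] "POST /content/shell.war HTTP/1.1" 403 0',
    'garbage line that does not parse',
]

if __name__ == "__main__":
    for ip, ts, path in scan_access_log(SAMPLE_LOG):
        print(f"accepted upload of script content from {ip} at {ts}: {path}")
    # Point this at the server's real content directory once it is known:
    # for rel in find_unexpected_files("/path/to/upload/dir"): print(rel)
```

Run against the constructed sample, only the accepted `cmd.jsp` upload is reported; the `shell.war` request is ignored because the server rejected it with a 403, and the PNG upload is benign by extension. Extension checks are a coarse first filter: pair them with the patch in the Immediate Action step and with content-type inspection at the WAF, since an extension allow-list alone is what this class of vulnerability bypasses.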

Exploitation status

Public Exploit Available: No

Analyst recommendation

This vulnerability represents a significant security risk that requires urgent attention. Administrators should deploy the required software updates as soon as they become available to mitigate the risk of remote code execution.