CVE-2025-54451

Samsung Electronics · MagicINFO 9 Server

A code injection vulnerability in Samsung MagicINFO 9 Server allows unauthenticated remote attackers to execute arbitrary code on the server.

Executive summary

Samsung MagicINFO 9 Server is vulnerable to critical code injection, allowing unauthorized remote attackers to execute arbitrary commands on the affected system.

Vulnerability

This vulnerability stems from improper control of code generation, enabling an unauthenticated attacker to perform code injection and execute malicious instructions on the target server.

Business impact

With a CVSS score of 9.8, this vulnerability represents a critical risk, as it allows for full Remote Code Execution (RCE). Successful exploitation could result in complete server takeover, unauthorized access to sensitive corporate data, and the potential for lateral movement within the network, leading to significant operational and reputational damage.

Remediation

Immediate Action: Patch the Samsung MagicINFO 9 Server by upgrading to version 21.1080.0 or later to remediate the code injection flaw.

Proactive Monitoring: Monitor server logs for unexpected process execution, unusual outbound network traffic, or unauthorized changes to system configuration files.

Compensating Controls: Implement strict network segmentation and restrict access to the MagicINFO 9 management interface to trusted IP addresses only, enforced through a VPN or firewall rules.

Exploitation status

Public Exploit Available: Unknown

Analyst recommendation

Due to the critical nature of this Remote Code Execution vulnerability, immediate patching is essential to prevent system compromise. Organizations must expedite the deployment of version 21.1080.0 across all affected instances to ensure the integrity of the server environment.