CVE-2025-54446
Samsung Electronics · MagicINFO 9 Server
A path traversal vulnerability in Samsung MagicINFO 9 Server allows unauthorized actors to upload a web shell to the server.
Executive summary
A critical path traversal vulnerability in Samsung MagicINFO 9 Server allows unauthenticated attackers to upload web shells, leading to full system compromise.
Vulnerability
This is an improper limitation of a pathname to a restricted directory (path traversal) that allows an unauthenticated attacker to bypass directory restrictions. By manipulating file paths, an attacker can upload a web shell to the server, facilitating remote code execution.
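The defensive counterpart to the flaw described above is to never let a client-supplied name choose the directory a file lands in. The following is an added illustration, not Samsung's or MagicINFO's code: it reduces an upload name to its final component, rejects server-side script extensions, and confirms after resolution that the destination is still inside a fixed upload root. The upload root, the extension allow-list and the function names are assumptions made for the example.

```python
# Added example of a confined upload path check (not MagicINFO code).
# UPLOAD_ROOT and ALLOWED_SUFFIXES are assumed values for illustration.
from pathlib import Path, PurePosixPath

UPLOAD_ROOT = Path("/srv/app/uploads")            # assumed upload directory
ALLOWED_SUFFIXES = {".png", ".jpg", ".mp4", ".txt"}  # assumed content allow-list


def resolve_upload_path(user_name: str, root: Path = UPLOAD_ROOT) -> Path:
    """Return the confined destination for a client-supplied name, or raise ValueError."""
    # 1. Control characters (including NUL) are rejected before any path parsing,
    #    because some stacks truncate a name at NUL and change its extension.
    if any(ord(c) < 32 for c in user_name):
        raise ValueError("control character in name")
    # 2. Keep only the final component. "../../x" and "/abs/x" both reduce to "x",
    #    so traversal sequences cannot steer the file out of the root.
    leaf = PurePosixPath(user_name.replace("\\", "/")).name
    if leaf in ("", ".", ".."):
        raise ValueError("empty or dot name")
    # 3. Extension allow-list: a server-executable type is never stored, whatever the path.
    if PurePosixPath(leaf).suffix.lower() not in ALLOWED_SUFFIXES:
        raise ValueError(f"disallowed extension: {leaf}")
    # 4. Containment check after symlink/.. resolution, as a second, independent guard.
    root_resolved = root.resolve()
    dest = (root_resolved / leaf).resolve()
    if root_resolved not in dest.parents:
        raise ValueError("destination escapes upload root")
    return dest


def classify_upload(user_name: str, root: Path = UPLOAD_ROOT) -> tuple:
    """Return ("accepted", destination) or ("rejected", reason) for a proposed upload name."""
    try:
        return "accepted", str(resolve_upload_path(user_name, root))
    except ValueError as exc:
        return "rejected", str(exc)


if __name__ == "__main__":
    # Constructed sample names, covering benign, traversal and script-extension cases.
    for name in ["photo.png", "../../../photo.png", "..\\..\\x.jsp", "/etc/hostname", "a\x00.png"]:
        print(repr(name), "->", classify_upload(name))
```

The two guards are deliberately redundant: step 2 alone already removes directory components, and step 4 catches any future change to step 2 (for example, someone later allowing sub-folders) that would reopen the escape.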
Business impact
The CVSS score of 9.8 underscores the extreme risk posed by this vulnerability. Successful exploitation permits an attacker to establish persistent access to the server, resulting in potential data theft and total system compromise, which could cause significant operational and reputational damage.
Remediation
Immediate Action: Consult the official Samsung vendor advisory to identify the patched version and upgrade the MagicINFO 9 Server immediately.
Proactive Monitoring: Review web server logs for path traversal patterns (e.g., ../ sequences) and unauthorized file uploads to unexpected directories.
Compensating Controls: Deploy a WAF with rules configured to detect and block path traversal attempts and unauthorized file uploads.
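To make the "Proactive Monitoring" item concrete, here is an added example (not part of the advisory and not a Samsung tool) that scans access-log lines for three things: traversal sequences, including URL-encoded and double-encoded forms; successful uploads whose decoded filename would resolve outside the expected upload root; and a server-side script being served with HTTP 200 from the upload directory, which is the footprint of a web shell in use. The log lines, the upload root, the endpoint and the query-parameter names are constructed assumptions for the example.

```python
# Added example of log-based detection for path traversal and web-shell indicators.
# SAMPLE_LOG, UPLOAD_ROOT and the parameter names are constructed/assumed for illustration.
import posixpath
import re
from urllib.parse import parse_qs, unquote, urlsplit

# Common Log Format: ip ident user [timestamp] "METHOD target PROTO" status size
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "(?P<method>\S+) (?P<target>\S+) [^"]*" '
    r'(?P<status>\d{3}) (?P<size>\S+)'
)
TRAVERSAL_RE = re.compile(r"\.\./")
UPLOAD_ROOT = "/app/uploads"                       # assumed upload directory
FILENAME_PARAMS = ("filename", "path", "file")     # assumed parameter names
SCRIPT_SUFFIXES = (".jsp", ".jspx", ".php", ".aspx")

# Constructed sample log (not real traffic).
SAMPLE_LOG = """\
203.0.113.5 - - [10/Aug/2025:12:00:01 +0000] "GET /app/index.html HTTP/1.1" 200 1024
203.0.113.9 - - [10/Aug/2025:12:00:07 +0000] "POST /app/upload?filename=..%2F..%2Fstatic%2Fx.jsp HTTP/1.1" 200 42
203.0.113.9 - - [10/Aug/2025:12:00:09 +0000] "GET /app/uploads/x.jsp?c=1 HTTP/1.1" 200 310
198.51.100.2 - - [10/Aug/2025:12:00:15 +0000] "POST /app/upload?filename=photo.png HTTP/1.1" 200 17
198.51.100.3 - - [10/Aug/2025:12:00:20 +0000] "GET /app/static/..%252f..%252fconfig.txt HTTP/1.1" 404 0
"""


def fully_decode(s: str, rounds: int = 3) -> str:
    """URL-decode repeatedly so '..%2F' and '..%252F' both become '../'; fold backslashes."""
    for _ in range(rounds):
        decoded = unquote(s)
        if decoded == s:
            break
        s = decoded
    return s.replace("\\", "/")


def analyze_line(line: str):
    """Return (client_ip, [findings]) for one log line, or None if the line does not parse."""
    m = LOG_RE.match(line)
    if not m:
        return None
    method, status = m["method"], m["status"]
    parts = urlsplit(m["target"])
    params = parse_qs(parts.query)
    # Attacker-controlled strings: the request path plus any filename-like parameters.
    names = [v for k in FILENAME_PARAMS for v in params.get(k, [])]
    candidates = [parts.path] + names
    findings = []

    if any(TRAVERSAL_RE.search(fully_decode(c)) for c in candidates):
        findings.append("traversal_sequence")

    # A successful upload whose filename would land outside the upload root.
    if method in ("POST", "PUT") and status.startswith("2"):
        for name in names:
            dest = posixpath.normpath(posixpath.join(UPLOAD_ROOT, fully_decode(name)))
            if not dest.startswith(UPLOAD_ROOT + "/"):
                findings.append("upload_outside_expected_dir")
                break

    # A server-side script fetched from the upload directory with 200: web shell in use.
    path = fully_decode(parts.path).lower()
    if method == "GET" and status == "200" and path.startswith(UPLOAD_ROOT + "/") \
            and path.endswith(SCRIPT_SUFFIXES):
        findings.append("script_served_from_upload_dir")
    return m["ip"], findings


def scan(log_text: str) -> list:
    """Return [(ip, findings)] for every parsable line that produced at least one finding."""
    alerts = []
    for line in log_text.splitlines():
        result = analyze_line(line)
        if result and result[1]:
            alerts.append(result)
    return alerts


if __name__ == "__main__":
    for ip, findings in scan(SAMPLE_LOG):
        print(ip, ", ".join(findings))
```

Note that the double-encoded line is flagged even though the server answered 404: a traversal attempt that failed is still worth an alert, because the same client often follows it with a variant that succeeds, and a 404 on an encoded path is itself a signal that the request was malformed on purpose.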
Exploitation status
Public Exploit Available: No
Analyst recommendation
Path traversal vulnerabilities that lead to web shell uploads are high-priority targets for attackers. It is essential that administrators verify their current version against the vendor's documentation and apply the necessary security updates to close this critical access vector.