CVE-2025-54449

Samsung Electronics · MagicINFO 9 Server

An unrestricted file upload vulnerability in the Samsung MagicINFO 9 Server allows remote attackers to perform code injection.

Executive summary

A critical code injection vulnerability in Samsung MagicINFO 9 Server allows unauthenticated attackers to execute arbitrary code via unrestricted file uploads.

Vulnerability

The server accepts uploaded files without adequately validating them, so an unauthenticated remote attacker can place attacker-controlled content (for example a web shell) on the host where the application will later execute or serve it. Successful exploitation yields arbitrary code execution with the privileges of the MagicINFO server process.

Business impact

The CVSS score of 9.8 (Critical) reflects that the flaw is reachable over the network and requires no prior authentication. Successful exploitation could lead to total loss of confidentiality, integrity, and availability of the MagicINFO server, and a compromised server is a natural pivot point for lateral movement into the broader corporate network.

Remediation

Immediate Action: Upgrade the Samsung MagicINFO 9 Server instance to version 21.1080.0 or higher immediately, then confirm that the running build reports 21.1080.0 or later before considering the host remediated.

Proactive Monitoring: Review web server access logs for POST requests to upload endpoints from addresses outside the management network, and for subsequent requests to newly created files with server-executable extensions; an upload followed shortly by a request to the uploaded file from the same source is the classic web shell pattern.
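The following log review script is an added example written for this page; it is not Samsung code and does not encode the real MagicINFO upload endpoint. It assumes a combined-format access log, and the upload path pattern ("upload"), the trusted management network (10.0.0.0/8), the executable extension list and the sample log lines are all constructed placeholders to be replaced with values from the actual deployment. It flags upload POSTs from untrusted sources, a served executable-extension file requested shortly after an upload by the same source (the web shell pattern), and path manipulation in upload requests.

```python
"""Scan web access logs for upload activity that may indicate a planted web shell.

Added example, not vendor code. All paths, networks and log lines below are
constructed placeholders; adapt them to the real deployment.
"""
import ipaddress
import re
from collections import defaultdict
from datetime import datetime, timedelta
from urllib.parse import unquote

# Combined log format (Apache/Tomcat style) - assumed log layout.
LOG_RE = re.compile(
    r'(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<path>\S+) [^"]*" '
    r'(?P<status>\d{3}) (?P<size>\S+)'
)
TS_FMT = "%d/%b/%Y:%H:%M:%S %z"

# Hypothetical tuning values: the real upload endpoint, admin network and
# relevant extensions depend on the deployment.
TRUSTED_NETS = [ipaddress.ip_network("10.0.0.0/8")]
UPLOAD_PATH_RE = re.compile(r"upload", re.I)
EXEC_EXTS = (".jsp", ".jspx", ".war", ".php", ".aspx")
WINDOW = timedelta(minutes=10)   # upload -> request window for the web shell rule

# Constructed sample log: one legitimate admin upload, one untrusted upload
# followed by a request to the uploaded file, one traversal attempt, one benign GET.
SAMPLE_LOG = """\
10.0.0.5 - - [12/Aug/2025:09:00:01 +0000] "POST /app/upload HTTP/1.1" 200 512
203.0.113.7 - - [12/Aug/2025:09:05:10 +0000] "POST /app/upload HTTP/1.1" 200 512
203.0.113.7 - - [12/Aug/2025:09:05:12 +0000] "GET /app/files/cmd.jsp?c=id HTTP/1.1" 200 88
203.0.113.7 - - [12/Aug/2025:09:06:00 +0000] "POST /app/upload/..%2F..%2Fx.jsp HTTP/1.1" 400 0
198.51.100.2 - - [12/Aug/2025:09:10:00 +0000] "GET /app/login.jsp HTTP/1.1" 200 1200
""".splitlines()


def parse(line):
    """Parse one access log line into a dict, or return None if it does not match."""
    m = LOG_RE.match(line)
    if not m:
        return None
    rec = m.groupdict()
    rec["ts"] = datetime.strptime(rec["ts"], TS_FMT)
    # Drop the query string, then decode percent-encoding so traversal tricks are visible.
    rec["path"] = unquote(rec["path"].split("?", 1)[0])
    rec["status"] = int(rec["status"])
    return rec


def is_trusted(ip):
    addr = ipaddress.ip_address(ip)
    return any(addr in net for net in TRUSTED_NETS)


def find_suspicious(lines):
    """Return a list of (severity, source_ip, reason) alerts in log order."""
    alerts = []
    uploads = defaultdict(list)   # source ip -> timestamps of upload POSTs
    for line in lines:
        rec = parse(line)
        if rec is None:
            continue
        ip, path, ts = rec["ip"], rec["path"], rec["ts"]
        low = path.lower()
        # Rule 1: upload POST; alert when the source is outside the management network.
        if rec["method"] == "POST" and UPLOAD_PATH_RE.search(path):
            uploads[ip].append(ts)
            if not is_trusted(ip):
                alerts.append(("medium", ip, f"upload POST from untrusted source to {path}"))
        # Rule 2: a server-executable file served (200) shortly after an upload by the
        # same source. Requiring the earlier upload keeps legitimate .jsp pages quiet.
        if low.endswith(EXEC_EXTS) and rec["status"] == 200:
            if any(timedelta(0) <= ts - t <= WINDOW for t in uploads[ip]):
                alerts.append(("high", ip, f"request to {path} shortly after upload: likely web shell"))
        # Rule 3: traversal or double-extension tricks in an upload request path.
        if "../" in low or re.search(r"\.(jsp|jspx|php)\.", low):
            alerts.append(("high", ip, f"path manipulation in {path}"))
    return alerts


if __name__ == "__main__":
    for severity, ip, reason in find_suspicious(SAMPLE_LOG):
        print(f"[{severity.upper()}] {ip}: {reason}")
```

Rule 2 is the one worth keeping even if the other two are tuned away: it only fires when the same source both uploaded something and then fetched an executable-extension file, which is a much lower-noise signal than alerting on every request to a .jsp resource on a Java application server.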

Compensating Controls: Where patching is delayed, place a Web Application Firewall (WAF) in front of the server to block upload requests carrying server-executable file extensions or signatures associated with web shells. Treat this as a stopgap only: extension and signature filters are routinely bypassed, and a WAF does not remove the underlying flaw.

Exploitation status

Public Exploit Available: No

Analyst recommendation

Given the critical severity and the potential for unauthenticated remote code execution, organizations must prioritize patching this vulnerability. Apply the vendor-supplied update immediately to prevent unauthorized access and system compromise; until it is applied, limit exposure of the server's web interface to trusted networks and review logs for the upload activity described above.