CVE-2025-54449
Samsung Electronics · MagicINFO 9 Server
An unrestricted file upload vulnerability in the Samsung MagicINFO 9 Server allows remote attackers to perform code injection.
Executive summary
A critical code injection vulnerability in Samsung MagicINFO 9 Server allows unauthenticated attackers to execute arbitrary code via unrestricted file uploads.
Vulnerability
This is an unrestricted file upload vulnerability that permits an unauthenticated attacker to upload malicious files to the server. Successful exploitation allows for arbitrary code execution within the context of the application.
Business impact
The CVSS score of 9.8 reflects the critical nature of this flaw, as it allows full system compromise without prior authentication. Successful exploitation could lead to total loss of confidentiality, integrity, and availability of the MagicINFO server, potentially facilitating lateral movement into the broader corporate network.
Remediation
Immediate Action: Upgrade the Samsung MagicINFO 9 Server instance to version 21.1080.0 or higher without delay.
Proactive Monitoring: Inspect web server logs for suspicious file upload requests or anomalous traffic originating from untrusted sources.
Compensating Controls: Implement a Web Application Firewall (WAF) to block requests containing suspicious file extensions or signatures associated with web shells.
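The log inspection recommended above can be made concrete with a small detector for the footprint an unrestricted upload leaves behind: a client issues a POST (a candidate upload) and then successfully requests a server-executable file. The script below is an added example written for this advisory, not code from Samsung or the MagicINFO product; the access-log format, the executable-extension list, and the endpoint paths in the sample log are assumptions and placeholders.

```python
import re
from collections import defaultdict

# Extensions the server would execute if an uploaded file lands under the web root.
# Assumed list, not taken from the advisory; adjust to the deployed stack.
EXECUTABLE_EXTENSIONS = (".jsp", ".jspx", ".war", ".php", ".aspx")

# Apache/Tomcat "combined"-style access log: client ident user [time] "request" status size
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<time>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<path>\S+) [^"]*" (?P<status>\d{3}) (?P<size>\S+)'
)

def parse_line(line):
    """Parse one access-log line into a dict, or None if it does not match."""
    m = LOG_RE.match(line)
    return m.groupdict() if m else None

def has_executable_extension(path):
    """True if the request path (query string stripped) ends in an executable extension."""
    return path.split("?", 1)[0].lower().endswith(EXECUTABLE_EXTENSIONS)

def find_upload_then_execute(lines):
    """Flag clients that issue a POST (a possible upload) and later get a 2xx
    response for a server-executable file: the usual footprint of a dropped web shell.
    Returns a list of (client_ip, last_post_path, executed_path) tuples."""
    findings = []
    recent_posts = defaultdict(list)  # client ip -> POST paths seen so far
    for line in lines:
        rec = parse_line(line)
        if rec is None:
            continue
        if rec["method"] == "POST" and not has_executable_extension(rec["path"]):
            recent_posts[rec["ip"]].append(rec["path"])
            continue
        if (has_executable_extension(rec["path"])
                and rec["status"].startswith("2")
                and recent_posts[rec["ip"]]):
            findings.append((rec["ip"], recent_posts[rec["ip"]][-1], rec["path"]))
    return findings

# Constructed sample log (not real traffic); the endpoint paths are placeholders.
SAMPLE_LOG = """\
203.0.113.10 - - [10/Aug/2025:10:00:01 +0000] "GET /app/ HTTP/1.1" 200 512
203.0.113.10 - - [10/Aug/2025:10:00:05 +0000] "POST /app/placeholder-upload HTTP/1.1" 200 71
203.0.113.10 - - [10/Aug/2025:10:00:09 +0000] "GET /app/uploads/note.jsp HTTP/1.1" 200 1024
198.51.100.7 - - [10/Aug/2025:10:01:00 +0000] "GET /app/login HTTP/1.1" 200 2048
198.51.100.7 - - [10/Aug/2025:10:01:02 +0000] "GET /app/index.jsp HTTP/1.1" 200 4096
"""

if __name__ == "__main__":
    for ip, upload, shell in find_upload_then_execute(SAMPLE_LOG.splitlines()):
        print(f"{ip}: POST to {upload} followed by 2xx access to {shell}")
```

Only the first client is reported: the second one requests a legitimate .jsp page without any preceding POST, so the extension alone is not treated as a finding.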
Exploitation status
Public Exploit Available: No
Analyst recommendation
Given the critical severity and the potential for remote code execution, organizations must prioritize patching this vulnerability. Apply the vendor-supplied update immediately to prevent unauthorized access and potential system compromise.