CVEDB API

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2025-4632

Improper limitation of a pathname to a restricted directory vulnerability in Samsung MagicINFO 9 Server version before 21.1052 allows attackers to write arbitrary file as system authority.

Exploit prediction scoring system (EPSS) score

EPSS Score 0.613

EPSS Ranking 98.2%

CVSS Severity

CVSS v3 Score 9.8

Proposed Action

Samsung MagicINFO 9 Server contains a path traversal vulnerability that allows an attacker to write arbitrary file as system authority.

Ransomware Campaign

Unknown

References

https://security.samsungtv.com/securityUpdates#SVP-MAY-2025

Products affected by CVE-2025-4632

Samsung » Magicinfo 9 Server » Version: N/A

cpe:2.3:a:samsung:magicinfo_9_server:-
Samsung » Magicinfo 9 Server » Version: 21.1000.3

cpe:2.3:a:samsung:magicinfo_9_server:21.1000.3
Samsung » Magicinfo 9 Server » Version: 21.1010.2

cpe:2.3:a:samsung:magicinfo_9_server:21.1010.2
Samsung » Magicinfo 9 Server » Version: 21.1020.0

cpe:2.3:a:samsung:magicinfo_9_server:21.1020.0
Samsung » Magicinfo 9 Server » Version: 21.1030.0

cpe:2.3:a:samsung:magicinfo_9_server:21.1030.0
Samsung » Magicinfo 9 Server » Version: 21.1040.2

cpe:2.3:a:samsung:magicinfo_9_server:21.1040.2
Samsung » Magicinfo 9 Server » Version: 21.1040.3

cpe:2.3:a:samsung:magicinfo_9_server:21.1040.3
Samsung » Magicinfo 9 Server » Version: 21.1050.0

cpe:2.3:a:samsung:magicinfo_9_server:21.1050.0

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2025-4632

Products

Pricing

Contact Us