Thursday, May 15, 2025

Samsung Patches CVE-2025-4632 Used to Deploy Mirai Botnet via MagicINFO 9 Exploit

Samsung has released software updates to address a critical security flaw in MagicINFO 9 Server that has been actively exploited in the wild.

The vulnerability, tracked as CVE-2025-4632 (CVSS score: 9.8), has been described as a path traversal flaw.

“Improper limitation of a pathname to a restricted directory vulnerability in Samsung MagicINFO 9 Server version before 21.1052 allows attackers to write arbitrary files as system authority,” according to an advisory for the flaw.

It's worth noting that CVE-2025-4632 is a patch bypass for CVE-2024-7399, another path traversal flaw in the same product that was patched by Samsung in August 2024.

CVE-2025-4632 has been exploited in the wild since shortly after the release of a proof-of-concept (PoC) by SSD Disclosure on April 30, 2025, in some instances to even deploy the Mirai botnet.

While it was initially assumed that the attacks were targeting CVE-2024-7399, cybersecurity company Huntress first revealed the existence of an unpatched vulnerability last week after finding signs of exploitation even on MagicINFO 9 Server instances running the latest version (21.1050).

In a follow-up report published on May 9, Huntress revealed three separate incidents that involved the exploitation of CVE-2025-4632, with unidentified actors running an identical set of commands to download additional payloads like “srvany.exe” and “providers.exe” on two hosts and executing reconnaissance commands on the third.

Users of the Samsung MagicINFO 9 Server are recommended to apply the latest fixes as soon as possible to safeguard against potential threats.

“We have verified that MagicINFO 9 21.1052.0 does mitigate the original issue raised in CVE-2025-4632,” Jamie Levy, director of adversary techniques at Huntress, told The Hacker News.

“Any machine that has versions v8 – v9 21.1050.0 will still be affected by this vulnerability. We have also discovered that upgrading from MagicINFO v8 to v9 21.1052.0 is not as simple since you have to first upgrade to 21.1050.0 before applying the final patch.”
