Cyber Resilience

CVE-2025-4632

Severity: Critical · CISA KEV · Active Exploitation · EUVD Exploited

Published: 13 May 2025
Modified: 03 November 2025
KEV Added: 22 May 2025
Patch: available (Samsung May 2025 security update; upgrade MagicINFO 9 Server to 21.1052 or later)
CVSS v3.1: 9.8 (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)
EPSS: 0.4260 (97.6th percentile)
Risk Priority: 65 (weighted 60% EPSS · 20% KEV · 20% CVSS)

Summary

CVE-2025-4632 is a critical-severity Path Traversal (CWE-22) vulnerability in Samsung MagicINFO 9 Server. Its CVSS v3.1 base score is 9.8 (Critical): network-reachable, low attack complexity, no privileges or user interaction required, with high impact on confidentiality, integrity and availability.

Operationally, its EPSS score (0.4260) places it in the top 2.4% of all CVEs by exploit likelihood, and CISA has added it to the Known Exploited Vulnerabilities catalog, so exploitation is confirmed rather than merely predicted.

The strongest mitigations our analysis identified are NIST 800-53 AC-3 (Access Enforcement) and SI-10 (Information Input Validation).

Deeper analysis

CVE-2025-4632 is a path traversal vulnerability (CWE-22) affecting Samsung MagicINFO 9 Server versions prior to 21.1052. The server fails to confine a client-supplied pathname to its intended directory, so an unauthenticated remote attacker can write arbitrary files to locations of their choosing, and the write happens with the authority of the MagicINFO service account (system-level on a default Windows install).

Because no authentication or user interaction is required, an attacker who can reach the server over the network can drop a file they control (in practice, executable content such as a web shell) into a location the server will execute. That yields code execution on the host and, from there, the usual follow-on outcomes: data exfiltration, persistence, and lateral movement into the rest of the environment. Digital-signage servers are often reachable from many internal networks, which makes that pivot point more valuable than the product's role would suggest.

Samsung has published remediation guidance in its May 2025 security updates, directing customers to upgrade MagicINFO 9 Server to version 21.1052 or later. CISA added the vulnerability to its Known Exploited Vulnerabilities catalog on 22 May 2025, confirming in-the-wild exploitation. If the upgrade cannot be applied immediately, the interim measures are to remove the server's exposure to untrusted networks and to run the service under a non-privileged account so that a successful write no longer carries system authority.

The EPSS score peaked at 0.4916 and currently stands at 0.4260, reflecting substantial and sustained exploitation interest since public disclosure.

Vulnerability details

Improper limitation of a pathname to a restricted directory vulnerability in Samsung MagicINFO 9 Server versions before 21.1052 allows attackers to write arbitrary files as system authority.

CWE(s): CWE-22 (Improper Limitation of a Pathname to a Restricted Directory, "Path Traversal")
KEV Date Added: 22 May 2025

Related Threats

No named actor attribution yet. ATT&CK technique mapping in progress for this CVE.

Affected Assets

Samsung MagicINFO 9 Server, versions before 21.1052.0 (fixed in 21.1052)

Mitigating Controls (NIST 800-53 r5)

AC-3 Access Enforcement (prevent)

Enforces access control policies on file system operations so that an unauthenticated path traversal cannot result in an arbitrary write with system authority: the upload handler must only be able to create files under its designated directory, regardless of what pathname the client supplies.

SI-10 Information Input Validation (prevent)

Requires validation of pathnames supplied by remote users. Canonicalising the supplied name and confirming the result still lies inside the upload root directly blocks the directory-traversal sequences that enable the CVE-2025-4632 file write.

AC-6 Least Privilege (prevent)

Limits the privileges under which the MagicINFO process runs, reducing the impact of any successful path traversal from system-level to a lower-privilege context; a write as a dedicated service user cannot reach system directories or scheduled-task locations.
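The following is an added illustration of the CWE-22 pattern described in this entry and of the SI-10/AC-3 check that closes it. It is not MagicINFO code, and the page does not disclose the vulnerable endpoint, so the upload root (`/srv/uploads`), the resolver function names and the sample filenames are all assumed or constructed for the example. The "vulnerable" resolver joins a client-supplied name onto the upload directory without confining the result; the hardened resolver decodes, canonicalises, and then requires the canonical path to remain under the root.

```python
"""CWE-22 in an upload handler: naive join versus confined join.

Added example for this page. Not MagicINFO code; the upload root, the
endpoint and the attacker filenames below are assumed/constructed.
"""
import os
import urllib.parse


class TraversalError(ValueError):
    """Raised when a client-supplied filename would leave the upload root."""


def vulnerable_target_path(root: str, user_filename: str) -> str:
    """The weak pattern: trusts the client name, so '../' walks out of root.

    normpath() collapses the '..' segments but does nothing to keep the
    result under root, and join() discards root entirely for an absolute
    name. This is the defect class CWE-22 describes.
    """
    return os.path.normpath(os.path.join(root, user_filename))


def safe_target_path(root: str, user_filename: str) -> str:
    """SI-10 style validation followed by an AC-3 style enforcement check.

    The web framework is assumed to have URL-decoded the name once already;
    decoding once more catches double-encoded sequences (%252e%252e%252f)
    that would otherwise be stored as literal bytes and reinterpreted later.
    """
    name = urllib.parse.unquote(user_filename)
    if "\x00" in name:                       # null-byte truncation trick
        raise TraversalError("null byte in filename")
    if "\\" in name:                         # alternate separator on Windows
        raise TraversalError("backslash in filename")
    if name.startswith("/"):                 # join() would drop the root
        raise TraversalError("absolute path supplied")
    if name in ("", ".", ".."):
        raise TraversalError("empty or dot-only filename")

    root_real = os.path.realpath(root)       # resolve symlinks in the root too
    candidate = os.path.realpath(os.path.join(root_real, name))
    # Enforcement point: the canonical path must sit under the canonical root.
    # commonpath() is segment-aware, so '/srv/uploads_evil' is not a prefix
    # match for '/srv/uploads' the way a naive startswith() would accept.
    if os.path.commonpath([root_real, candidate]) != root_real:
        raise TraversalError(f"{user_filename!r} escapes {root}")
    return candidate


# Constructed attacker-style filenames, as they would arrive after one
# round of URL decoding by the web framework.
SAMPLE_FILENAMES = [
    "report.pdf",                            # benign
    "../../../etc/cron.d/backdoor",          # plain traversal
    "subdir/../../escape.sh",                # traversal after a legitimate segment
    "%2e%2e%2f%2e%2e%2fetc%2fpasswd",        # was double-encoded on the wire
    "/etc/passwd",                           # absolute path
    "../uploads_evil/x",                     # sibling-directory prefix trick
    "shell.jsp\x00.png",                     # null-byte extension trick
]


def evaluate(root: str, names=SAMPLE_FILENAMES) -> dict:
    """Run each name through both resolvers.

    Returns {name: (naive_path, hardened_result)} where hardened_result is
    the accepted canonical path or the string 'REJECTED'.
    """
    results = {}
    for name in names:
        naive = vulnerable_target_path(root, name)
        try:
            hardened = safe_target_path(root, name)
        except TraversalError:
            hardened = "REJECTED"
        results[name] = (naive, hardened)
    return results


if __name__ == "__main__":
    for name, (naive, hardened) in evaluate("/srv/uploads").items():
        print(f"{name!r:42} naive -> {naive:28} hardened -> {hardened}")
```

Note that the naive resolver happily produces `/etc/cron.d/backdoor` for the plain traversal case and `/etc/passwd` for the absolute name; whether those writes succeed depends only on the privileges of the server process, which is why AC-6 matters as a second layer even once the input check is in place. Applying the check to the canonical path rather than to the raw string is what makes it robust against encoded separators, symlinked roots and `..` segments hidden behind a legitimate-looking prefix.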
