Cyber Posture

CVE-2025-54441

High

Published: 23 July 2025

Published
23 July 2025
Modified
30 July 2025
KEV Added
Patch
CVSS Score 8.8 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
EPSS Score 0.0017 37.4th percentile
Risk Priority 18 60% EPSS · 20% KEV · 20% CVSS

Summary

CVE-2025-54441 is a high-severity Unrestricted Upload of File with Dangerous Type (CWE-434) vulnerability in Samsung Magicinfo 9 Server. Its CVSS base score is 8.8 (High).

Operationally, exploitation aligns with the MITRE ATT&CK technique Exploit Public-Facing Application (T1190); ranked at the 37.4th percentile by exploit likelihood (below the median); it is not currently listed in the CISA KEV catalog.

The strongest mitigations our analysis identified are NIST 800-53 SI-10 (Information Input Validation) and SI-2 (Flaw Remediation).

Threat & Defense at a Glance

What attackers do: exploitation maps to Exploit Public-Facing Application (T1190) and 1 other technique. What defenders deploy: see the NIST 800-53 controls recommended below.
Threat & Defense Details

Mitigating Controls (NIST 800-53 r5)AI

SI-10 Information Input Validation good match
prevent

Directly prevents unrestricted upload of dangerous file types by validating inputs at upload interfaces to block code injection.

SI-9 Information Input Restrictions good match
prevent

Restricts the types of files that can be uploaded into the MagicINFO Server, prohibiting dangerous extensions that enable code injection.

SI-2 Flaw Remediation good match
prevent

Remediates the specific unrestricted file upload flaw by requiring timely patching to MagicINFO Server version 21.1080.0 or later.

MITRE ATT&CK Enterprise TechniquesAI

T1190 Exploit Public-Facing Application Initial Access
Adversaries may attempt to exploit a weakness in an Internet-facing host or system to initially access a network.
attack.mitre.org →
T1505.003 Web Shell Persistence
Adversaries may backdoor web servers with web shells to establish persistent access to systems.
attack.mitre.org →
Why these techniques?

Unrestricted file upload (CWE-434) on public-facing server directly enables initial access via exploitation and web shell deployment for RCE.

Confidence: HIGH · MITRE ATT&CK Enterprise v18.1

NVD Description

Unrestricted Upload of File with Dangerous Type vulnerability in Samsung Electronics MagicINFO 9 Server allows Code Injection.This issue affects MagicINFO 9 Server: less than 21.1080.0.

Deeper analysisAI

CVE-2025-54441 is an Unrestricted Upload of File with Dangerous Type vulnerability (CWE-434) in Samsung Electronics MagicINFO 9 Server versions prior to 21.1080.0. This flaw allows attackers to upload files with dangerous extensions, enabling code injection. The vulnerability carries a CVSS v3.1 base score of 8.8 (AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H), indicating high severity due to its potential for significant impact across confidentiality, integrity, and availability.

An attacker with low-privilege authenticated access (PR:L) can exploit this over the network (AV:N) with low complexity and no user interaction required. Successful exploitation enables code injection, potentially leading to remote code execution with high-impact consequences on the affected server.

Samsung's security advisory provides details on mitigation and patches, available at https://security.samsungtv.com/securityUpdates.

Details

CWE(s)
CWE-434

Affected Products

samsung
magicinfo 9 server
≤ 21.1080.0

CVEs Like This One

CVE-2025-54448Same product: Samsung Magicinfo 9 Server
CVE-2025-54442Same product: Samsung Magicinfo 9 Server
CVE-2025-54439Same product: Samsung Magicinfo 9 Server
CVE-2025-54444Same product: Samsung Magicinfo 9 Server
CVE-2025-54440Same product: Samsung Magicinfo 9 Server
CVE-2025-54449Same product: Samsung Magicinfo 9 Server
CVE-2026-25201Same product: Samsung Magicinfo 9 Server
CVE-2026-25200Same product: Samsung Magicinfo 9 Server
CVE-2025-54443Same product: Samsung Magicinfo 9 Server
CVE-2025-54446Same product: Samsung Magicinfo 9 Server

References