CVE-2025-54448
Published: 23 July 2025
Summary
CVE-2025-54448 is a critical-severity Unrestricted Upload of File with Dangerous Type (CWE-434) vulnerability in Samsung MagicINFO 9 Server. Its CVSS base score is 9.8 (Critical).
Operationally, exploitation maps to the MITRE ATT&CK technique Exploit Public-Facing Application (T1190). Exploit likelihood is ranked at the 31.1st percentile (below the median), and the CVE is not currently listed in the CISA KEV catalog.
The strongest mitigations our analysis identified are NIST 800-53 SI-10 (Information Input Validation) and SI-2 (Flaw Remediation).
Threat & Defense Details
Mitigating Controls (NIST 800-53 r5)
- SI-2 (Flaw Remediation): directly mitigates CVE-2025-54448 by identifying, reporting and applying the vendor fix, that is, upgrading MagicINFO 9 Server to version 21.1080.0 or later.
- SI-10 (Information Input Validation): validates uploaded files and rejects dangerous types, removing the unrestricted upload that leads to code injection in MagicINFO 9 Server.
- Restricting the classes of file input the server accepts (an allowlist of the content types the product actually needs, checked against the file's bytes rather than the client-supplied name alone) blocks the exploitation path for arbitrary code injection via unauthorized file types.
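The SI-10 control above is easier to reason about with the vulnerable pattern beside a hardened one. The following is an added example written for this page, not code from MagicINFO or from Samsung: the allowlist, the magic-byte table, the sample file bodies and the function names are all assumptions made for illustration. `vulnerable_save` trusts the client's filename and writes under a web-served directory (the CWE-434 shape); `validate_upload` rejects executable extensions anywhere in the name, checks the content against the declared type, and picks a server-side name so nothing the client sent reaches the filesystem.

```python
import hashlib
import os
import tempfile

# Constructed for this example: content types a signage server plausibly needs,
# each mapped to the leading bytes a genuine file of that type starts with.
# The real MagicINFO allowlist is not known from the advisory (assumption).
ALLOWED_TYPES = {
    "png": b"\x89PNG\r\n\x1a\n",
    "jpg": b"\xff\xd8\xff",
    "jpeg": b"\xff\xd8\xff",
    "gif": b"GIF8",
    "pdf": b"%PDF-",
}
# Extensions a servlet container or the OS may execute if they land under the web root.
EXECUTABLE_EXTENSIONS = {"jsp", "jspx", "jspf", "war", "jar", "sh", "exe", "php", "aspx", "htaccess"}

SAMPLE_PNG = b"\x89PNG\r\n\x1a\n" + b"\x00" * 24                   # constructed, not a real image
SAMPLE_JSP = b'<% out.println("constructed script body"); %>'       # constructed, stands in for a web shell


class UploadRejected(ValueError):
    """Raised when an upload fails validation; the message carries the reason."""


def vulnerable_save(upload_dir, client_filename, data):
    """The CWE-434 pattern: the client's filename is trusted and written under a
    web-served directory, so 'shell.jsp' becomes an executable page.
    Shown for contrast only; do not use."""
    path = os.path.join(upload_dir, client_filename)
    with open(path, "wb") as f:
        f.write(data)
    return path


def validate_upload(client_filename, data, max_bytes=50 * 1024 * 1024):
    """Validate an upload and return the server-chosen stored filename.

    Order of checks: size cap; no path components, NUL or control bytes in the
    name; every extension in the name (not only the last, so 'x.jsp.png' is
    caught) is outside the executable set; the final extension is allowlisted;
    and the content's leading bytes match that type. The stored name is the
    SHA-256 of the content, so the client never chooses a path on disk.
    """
    if len(data) > max_bytes:
        raise UploadRejected("file too large")
    name = os.path.basename(client_filename.replace("\\", "/"))
    if not name or name in (".", "..") or any(ord(c) < 32 or c == "\x7f" for c in name):
        raise UploadRejected("illegal filename")
    parts = name.lower().split(".")
    if len(parts) < 2 or not parts[-1]:
        raise UploadRejected("missing extension")
    if any(p in EXECUTABLE_EXTENSIONS for p in parts[1:]):
        raise UploadRejected("executable extension in filename")
    ext = parts[-1]
    if ext not in ALLOWED_TYPES:
        raise UploadRejected(f"extension .{ext} not on the allowlist")
    if not data.startswith(ALLOWED_TYPES[ext]):
        raise UploadRejected("content does not match the declared type")
    return f"{hashlib.sha256(data).hexdigest()}.{ext}"


def safe_save(storage_dir, client_filename, data):
    """Write a validated upload under storage_dir (a directory the web tier does
    not serve) with a server-chosen name, refusing to overwrite an existing file."""
    stored = validate_upload(client_filename, data)
    fd = os.open(os.path.join(storage_dir, stored), os.O_WRONLY | os.O_CREAT | os.O_EXCL, 0o600)
    with os.fdopen(fd, "wb") as f:
        f.write(data)
    return stored


def is_rejected(client_filename, data):
    """True if validate_upload refuses the upload (helper for the checks below)."""
    try:
        validate_upload(client_filename, data)
    except UploadRejected:
        return True
    return False


if __name__ == "__main__":
    store = tempfile.mkdtemp()
    print("stored as", safe_save(store, "logo.png", SAMPLE_PNG))
    for name, body in [("shell.jsp", SAMPLE_JSP), ("shell.jsp.png", SAMPLE_PNG), ("logo.png", SAMPLE_JSP)]:
        print(name, "rejected:", is_rejected(name, body))
```

Two design points matter more than the specific lists: the storage directory must not be reachable through the servlet container at all, so that even a file that slips past the checks cannot be executed by requesting it, and the extension check walks every dotted component rather than the last one, because a double extension combined with a permissive handler mapping is a common way past a last-extension check.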
MITRE ATT&CK Enterprise Techniques
Why these techniques?
An unrestricted file upload (CWE-434) on a public-facing server directly enables remote exploitation (T1190) and the deployment of web shells for persistent code execution on the host (T1505.003).
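The T1190 to T1505.003 chain leaves a recognisable trace in the web tier's access log: an upload request from a client, followed shortly by that same client requesting a server-side script that has never been served before. The following detection is an added example for this page, not tooling from the page's source or from Samsung. The log lines are constructed, the upload endpoint path `/upload` and the script extension list are assumptions, and the log format is the common format Apache httpd and Tomcat's AccessLogValve write by default.

```python
import re
from datetime import datetime, timedelta

# Common log format: host ident user [time] "request" status bytes
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<path>\S+) [^"]*" (?P<status>\d{3}) \S+'
)
# Assumptions for this example; adjust to the deployment under review.
UPLOAD_PREFIX = "/upload"
SCRIPT_EXTENSIONS = (".jsp", ".jspx", ".php", ".aspx", ".sh")
WINDOW = timedelta(minutes=10)

# Constructed sample log: client 203.0.113.7 uploads, then requests a new .jsp;
# client 198.51.100.4 uploads and then requests an image, which is expected.
SAMPLE_LOG = """\
203.0.113.7 - - [23/Jul/2025:10:00:01 +0000] "GET /login.jsp HTTP/1.1" 200 1532
203.0.113.7 - - [23/Jul/2025:10:00:09 +0000] "POST /upload HTTP/1.1" 200 57
203.0.113.7 - - [23/Jul/2025:10:00:15 +0000] "GET /content/cmd.jsp?c=id HTTP/1.1" 200 211
203.0.113.7 - - [23/Jul/2025:10:00:21 +0000] "GET /content/cmd.jsp?c=whoami HTTP/1.1" 200 64
198.51.100.4 - - [23/Jul/2025:10:02:30 +0000] "POST /upload HTTP/1.1" 200 57
198.51.100.4 - - [23/Jul/2025:10:02:44 +0000] "GET /content/banner.png HTTP/1.1" 200 8831
"""


def parse_line(line):
    """Return a dict for a well-formed access log line, or None for anything else."""
    m = LOG_RE.match(line)
    if not m:
        return None
    ev = m.groupdict()
    ev["ts"] = datetime.strptime(ev["ts"], "%d/%b/%Y:%H:%M:%S %z")
    ev["status"] = int(ev["status"])
    ev["path"] = ev["path"].split("?", 1)[0]   # drop the query string
    return ev


def find_webshell_candidates(lines):
    """Flag the first successful request for a script path that had not been seen
    earlier in the log, when the same client completed an upload within WINDOW.

    Returns a list of (client_ip, path, timestamp) tuples, one per new script.
    """
    seen_paths = set()
    last_upload = {}          # client ip -> timestamp of its most recent upload
    findings = []
    for line in lines:
        ev = parse_line(line)
        if ev is None:
            continue
        if ev["method"] == "POST" and ev["path"].startswith(UPLOAD_PREFIX) and 200 <= ev["status"] < 300:
            last_upload[ev["ip"]] = ev["ts"]
            continue
        first_sight = ev["path"] not in seen_paths
        seen_paths.add(ev["path"])
        if not (first_sight and ev["status"] == 200 and ev["path"].lower().endswith(SCRIPT_EXTENSIONS)):
            continue
        uploaded_at = last_upload.get(ev["ip"])
        if uploaded_at is not None and ev["ts"] - uploaded_at <= WINDOW:
            findings.append((ev["ip"], ev["path"], ev["ts"]))
    return findings


if __name__ == "__main__":
    for ip, path, ts in find_webshell_candidates(SAMPLE_LOG.splitlines()):
        print(f"{ts.isoformat()} {ip} requested new script {path} shortly after uploading")
```

The heuristic will fire on a legitimate script that an administrator happens to request for the first time just after uploading content, so treat hits as triage leads rather than alerts on their own. The stronger signal is on the filesystem: a file with a script extension created under the web application's served directories by the server process. Pair this log check with file-integrity monitoring of those directories where the platform allows it.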
NVD Description
Unrestricted Upload of File with Dangerous Type vulnerability in Samsung Electronics MagicINFO 9 Server allows Code Injection. This issue affects MagicINFO 9 Server: less than 21.1080.0.
Deeper analysis
CVE-2025-54448 is an Unrestricted Upload of File with Dangerous Type vulnerability (CWE-434) in Samsung Electronics MagicINFO 9 Server. The flaw allows code injection and affects versions of MagicINFO 9 Server prior to 21.1080.0. It carries a CVSS v3.1 base score of 9.8 (AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H): critical severity, with high impact on confidentiality, integrity and availability of the affected server.
Per the vector, a remote attacker needs no authentication, privileges or user interaction and can exploit the flaw over the network with low complexity. Successful exploitation yields arbitrary code execution in the context of the server process, which in practice means full control of the affected host: data exfiltration, modification of the served content and disruption of the signage service.
Samsung's security advisory at https://security.samsungtv.com/securityUpdates provides details on mitigation. Security practitioners should upgrade MagicINFO 9 Server to version 21.1080.0 or later. Until the upgrade is applied, keep the server off untrusted networks, since the attack requires nothing more than network reachability of the upload interface.
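When triaging an estate of servers against the "less than 21.1080.0" boundary, comparing version strings lexically gives wrong answers (the string "21.999.0" sorts after "21.1080.0" because "9" sorts after "1"). The following is an added helper for this page, not a tool from Samsung or from the page's source; it assumes the product reports a dotted numeric version in the same form the NVD entry uses.

```python
import re

FIXED_VERSION = "21.1080.0"   # first fixed release per the NVD description


def parse_version(text):
    """Turn a dotted numeric version such as '21.1080.0' into a tuple of ints.

    A leading 'v' and anything after the numeric run (build tags, whitespace)
    are ignored; that leniency is an assumption for this example.
    """
    m = re.match(r"^\s*v?(\d+(?:\.\d+)*)", text)
    if not m:
        raise ValueError(f"unrecognised version string: {text!r}")
    return tuple(int(part) for part in m.group(1).split("."))


def is_vulnerable(installed_version, fixed_version=FIXED_VERSION):
    """True if installed_version sorts numerically below the fixed version.

    Tuples are right-padded with zeros so '21.1080' and '21.1080.0' compare equal.
    """
    a, b = parse_version(installed_version), parse_version(fixed_version)
    width = max(len(a), len(b))
    a += (0,) * (width - len(a))
    b += (0,) * (width - len(b))
    return a < b


if __name__ == "__main__":
    # Constructed inventory for illustration; hostnames and versions are made up.
    inventory = {"signage-01": "21.1050.2", "signage-02": "21.999.0", "signage-03": "21.1080.0"}
    for host, version in inventory.items():
        print(f"{host}: {version} -> {'UPGRADE' if is_vulnerable(version) else 'ok'}")
```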
Details
- CWE(s)