Cyber Resilience

CVE-2025-54450

High

Published: 23 July 2025

Published
23 July 2025
Modified
28 July 2025
KEV Added
Patch
CVSS Score v3.1 7.2 CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
EPSS Score 0.0071 72.7th percentile
Risk Priority 15 60% EPSS · 20% KEV · 20% CVSS

Summary

CVE-2025-54450 is a high-severity Path Traversal (CWE-22) vulnerability in Samsung Magicinfo 9 Server. Its CVSS base score is 7.2 (High).

Operationally, exploitation aligns with the MITRE ATT&CK technique Exploit Public-Facing Application (T1190); ranked in the top 27.3% of CVEs by exploit likelihood; it is not currently listed in the CISA KEV catalog.

The strongest mitigations our analysis identified are NIST 800-53 SI-10 (Information Input Validation) and AC-6 (Least Privilege).

Deeper analysis

CVE-2025-54450, published on 2025-07-23, is an Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability, classified under CWE-22, in Samsung Electronics MagicINFO 9 Server. This flaw allows Code Injection and affects MagicINFO 9 Server versions less than 21.1080.0. It carries a CVSS v3.1 base score of 7.2 (AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H), indicating high severity due to its potential for significant impact.

The vulnerability can be exploited over the network (AV:N) with low attack complexity (AC:L), requiring high privileges (PR:H) but no user interaction (UI:N). An attacker with sufficient access can leverage path traversal to inject and execute arbitrary code, resulting in high impacts to confidentiality, integrity, and availability (C:H/I:H/A:H) within the unchanged scope (S:U).

Samsung's security advisory provides details on mitigation, available at https://security.samsungtv.com/securityUpdates.

EU & UK References

Vulnerability details

Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in Samsung Electronics MagicINFO 9 Server allows Code Injection.This issue affects MagicINFO 9 Server: less than 21.1080.0.

CWE(s)

Related Threats

MITRE ATT&CK Enterprise TechniquesAI

T1190 Exploit Public-Facing Application Initial Access
Adversaries may attempt to exploit a weakness in an Internet-facing host or system to initially access a network.
Why these techniques?

Path traversal in public-facing MagicINFO server directly enables remote code injection/execution (CWE-22 leading to RCE).

Confidence: HIGH · MITRE ATT&CK Enterprise v18.1

CVEs Like This One

CVE-2025-54453Same product: Samsung Magicinfo 9 Server
CVE-2025-54446Same product: Samsung Magicinfo 9 Server
CVE-2025-54438Same product: Samsung Magicinfo 9 Server
CVE-2025-54443Same product: Samsung Magicinfo 9 Server
CVE-2025-54451Same product: Samsung Magicinfo 9 Server
CVE-2025-54440Same product: Samsung Magicinfo 9 Server
CVE-2025-54449Same product: Samsung Magicinfo 9 Server
CVE-2026-25202Same product: Samsung Magicinfo 9 Server
CVE-2025-54441Same product: Samsung Magicinfo 9 Server
CVE-2025-54439Same product: Samsung Magicinfo 9 Server

Affected Assets

samsung
magicinfo 9 server
≤ 21.1080.0

Mitigating Controls

Mitigating Controls (NIST 800-53 r5) AI

prevent

Directly enforces validation of file/path inputs to block the CWE-22 path traversal that enables code injection.

prevent

Limits privileges of accounts that could otherwise exploit the high-privilege path traversal vector described in the CVE.

detect

Detects unauthorized code or file modifications resulting from successful path traversal and injection.

References