CVE-2026-25202
Published: 02 February 2026
Summary
CVE-2026-25202 is a critical-severity Use of Hard-coded Credentials (CWE-798) vulnerability in Samsung Magicinfo 9 Server. Its CVSS base score is 9.8 (Critical).
Operationally, exploitation aligns with the MITRE ATT&CK technique Exploit Public-Facing Application (T1190); ranked at the 6.7th percentile by exploit likelihood (below the median); it is not currently listed in the CISA KEV catalog.
The strongest mitigations our analysis identified are NIST 800-53 IA-5 (Authenticator Management) and SI-2 (Flaw Remediation).
Threat & Defense at a Glance
Threat & Defense Details
Mitigating Controls (NIST 800-53 r5)AI
Directly requires identifying, reporting, and correcting the hardcoded credentials flaw via vendor upgrade to prevent exploitation.
Prohibits the use of hardcoded or default authenticators like the static database password, preventing unauthorized login.
Mandates secure account management practices that avoid hardcoded service accounts, limiting unauthorized database manipulation.
MITRE ATT&CK Enterprise TechniquesAI
Why these techniques?
Hardcoded DB credentials in public-facing MagicINFO server enable remote unauthenticated login and data manipulation (read/modify/delete), directly facilitating T1190 (remote exploit of exposed app) and T1078.001 (use of known valid/default account).
NVD Description
The database account and password are hardcoded, allowing login with the account to manipulate the database in MagicInfo9 Server.This issue affects MagicINFO 9 Server: less than 21.1090.1.
Deeper analysisAI
CVE-2026-25202 is a critical vulnerability (CVSS 3.1 score of 9.8) affecting MagicINFO 9 Server versions prior to 21.1090.1. The issue stems from hardcoded database account credentials (CWE-798: Use of Hard-coded Credentials), enabling unauthorized access to the database for manipulation. Published on 2026-02-02, it exposes the server component to potential full compromise due to the static nature of the credentials.
Attackers with network access can exploit this vulnerability remotely without authentication, privileges, or user interaction, as indicated by the CVSS vector AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H. Successful exploitation allows login to the database using the hardcoded account and password, granting capabilities to read, modify, or delete data, which could lead to complete data exfiltration, corruption, or denial of service.
Samsung's security advisory, available at https://security.samsungtv.com/securityUpdates, provides details on mitigation, including upgrading to MagicINFO 9 Server version 21.1090.1 or later to address the hardcoded credentials.
Details
- CWE(s)