Samsung has released software updates to solve a critical security lack on the Magicinfo 9 server, which is actively exploited in the wild.
Vulnerability tracked as Cve-2025-4632 (CVSS assessment: 9.8) was described as a lack of way.
“Incorrect Name Restriction Way to the Samsung Magicinfo server version 9 to 21.1052 allows attackers to write arbitrary files as a system authority,” An An An Anne reports consultative for shortage.
It is worth noting that the CVE-2025-4632 is a patch for CVE-2024-7399, another drawback in the same product that was secured by Samsung in August 2024.
Cve-2025-4632 since exploited In the wild shortly after the concept of evidence (POC) from the SSD disclosure on April 30, 2025, in some cases, to even deploy Mirai Botnet.
Although initially assumed that the attacks were aimed at CVE-2024-7399, the Hontress cybersecurity company first revealed the existence of an unprotected vulnerability last week, finding signs of operation even on Magicinfo 9 copies that perform the latest version (21.1050).
In the next report published on May 9, “Hontress” disclosed These three separate incidents provided for in CVE-2025-4632, with unspecified actors perform the same set of commands to download additional useful loads such as “Srvany.exe” and “Services.exe” on two hosts and performing intelligence teams on the third.
Samsung Magicinfo 9 server users are advised to apply the latest fixes as soon as possible to keep potential threats.
“We have confirmed it Magicinfo 9 21.1052.0 Remember the original number raised in the CVE-2025-4632, “said Jamie Levi, Director of Combating Opponents in Huntress, Hacker News.
“Any car, which has V8 – V9 21,1050.0, will still be affected by this vulnerability. We also found that modernization from Magicinfo V8 to V9 21.1052 is not so simple, because you will first upgrade to 21,1050.0 before applying the final patch.”
