
Samsung has released software updates to address an important security flaw in its MagicINFO 9 Server that has been actively exploited in the wild.
The vulnerability, tracked as CVE-2025-4632 (CVSS score: 9.8), is described as a path traversal flaw.
“Improper limitation of a pathname to a restricted directory vulnerability in Samsung MagicINFO 9 Server version before 21.1052 allows attackers to write arbitrary files as system authority,” according to an advisory.
It is worth noting that CVE-2025-4632 is a patch bypass for CVE-2024-7399, another path traversal flaw in the same product that Samsung patched in August 2024.
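The defect class behind both CVEs is a write endpoint that fails to keep a user-supplied file name inside its intended directory, and a patch bypass typically means the first fix filtered specific input patterns rather than checking where the final path ends up. The Python check below is an added illustration, not Samsung's or MagicINFO's code and not a description of the actual bug: it canonicalizes the final path and verifies it is still under the base directory, so the verdict does not depend on spotting any particular traversal sequence in the input. The base directory and the sample names are constructed for the example.

```python
"""Defender-side path check for a file-write endpoint (added illustration)."""
from pathlib import Path, PurePosixPath, PureWindowsPath


def safe_write_path(base_dir: str, requested_name: str) -> Path:
    """Return the absolute path under base_dir where requested_name may be written.

    Raises ValueError if the name is empty, absolute, or would resolve to a
    location outside base_dir. The decision is made on the canonical path
    (symlinks and '..' segments resolved), not on the raw input string.
    """
    base = Path(base_dir).resolve()

    # An absolute name would make `base / name` ignore base entirely, so it is
    # rejected up front; both POSIX and Windows absolute forms are checked.
    if not requested_name:
        raise ValueError("rejected: empty name")
    if PurePosixPath(requested_name).is_absolute() or PureWindowsPath(requested_name).is_absolute():
        raise ValueError(f"rejected: absolute name {requested_name!r}")

    candidate = (base / requested_name).resolve()

    # relative_to() raises ValueError when candidate is not inside base.
    try:
        candidate.relative_to(base)
    except ValueError:
        raise ValueError(f"rejected: {requested_name!r} escapes {base}") from None

    # A name such as "." resolves to the directory itself, which is not a file target.
    if candidate == base:
        raise ValueError("rejected: name resolves to the base directory itself")
    return candidate


def classify(base_dir: str, names) -> dict:
    """Map each candidate name to 'accepted' or 'rejected' using safe_write_path()."""
    verdicts = {}
    for name in names:
        try:
            safe_write_path(base_dir, name)
            verdicts[name] = "accepted"
        except ValueError:
            verdicts[name] = "rejected"
    return verdicts


# Constructed sample inputs; the base directory is hypothetical and need not exist.
SAMPLE_BASE = "/nonexistent-uploads-root"
SAMPLE_NAMES = [
    "report.txt",            # plain file name: accepted
    "2025/05/report.txt",    # nested under base: accepted
    "sub/../report.txt",     # '..' that stays inside base: accepted
    "../../escape.txt",      # climbs out of base: rejected
    "sub/../../escape.txt",  # climbs out after descending: rejected
    "/tmp/escape.txt",       # absolute name: rejected
    "",                      # empty name: rejected
]

if __name__ == "__main__":
    for name, verdict in classify(SAMPLE_BASE, SAMPLE_NAMES).items():
        print(f"{verdict:8s} {name!r}")
```

Because the check is made after canonicalization, it also covers names that reach the directory boundary through symlinks or through mixed separators rather than a literal `../`, which is the property a blocklist of input patterns cannot give.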
CVE-2025-4632 has also been exploited in the wild to deliver the Mirai botnet in some instances, shortly after SSD Disclosure released a proof-of-concept (PoC) on April 30, 2025.
Although it was initially assumed that the attacks were targeting CVE-2024-7399, cybersecurity company Huntress revealed the existence of an unpatched vulnerability last week after finding signs of exploitation even on MagicINFO 9 Server instances running the latest version (21.1050).
In a follow-up report published on May 9, Huntress revealed that in three separate incidents involving exploitation of CVE-2025-4632, unknown actors ran a similar set of commands to download additional payloads such as “srvany.exe” and “services” and performed reconnaissance commands on two hosts.
Users of Samsung MagicINFO 9 Server are recommended to apply the latest fixes as soon as possible to protect against potential threats.
“We have verified that MagicINFO 9 21.1052.0 mitigates the original CVE-2025-4632 issues raised in The Hacker News,” Jamie Levy, director of adversary tactics at Huntress, told The Hacker News.
“Any machine that has versions v8 – v9 21.1050.0 will still be affected by this vulnerability. We have also discovered that upgrading from MagicINFO v8 to v9 21.1052.0 is not as straightforward, as you have to upgrade to 21.1050.0 before applying the final patch.”