dark
Hand-Picked Top-Read Stories
Trending Tags
2 minute read

Samsung Patches CVE-2025-4632 Used to Deploy Mirai Botnet via MagicINFO 9 Exploit

Avatar
info@thehackernews.com (The Hacker News)
May 14, 2025
Samsung has released software updates to address a critical security flaw in MagicINFO 9 Server that has been actively exploited in the wild. The vulnerability, tracked as CVE-2025-4632 (CVSS score: 9.8), has been described as a path traversal flaw. “Improper limitation of a pathname to a restricted directory vulnerability in Samsung MagicINFO 9 Server version before 21.1052 allows attackers to
Total
0
Shares
0
0
0

Samsung has released software updates to address a critical security flaw in MagicINFO 9 Server that has been actively exploited in the wild.

The vulnerability, tracked as CVE-2025-4632 (CVSS score: 9.8), has been described as a path traversal flaw.

“Improper limitation of a pathname to a restricted directory vulnerability in Samsung MagicINFO 9 Server version before 21.1052 allows attackers to write arbitrary files as system authority,” according to an advisory for the flaw.

It’s worth noting that CVE-2025-4632 is a patch bypass for CVE-2024-7399, another path traversal flaw in the same product that was patched by Samsung in August 2024.

CVE-2025-4632 has since been exploited in the wild shortly after the release of a proof-of-concept (PoC) by SSD Disclosure on April 30, 2025, in some instances to even deploy the Mirai botnet.

While it was initially assumed that the attacks were targeting CVE-2024-7399, cybersecurity company Huntress first revealed the existence of an unpatched vulnerability last week after finding signs of exploitation even on MagicINFO 9 Server instances running the latest version (21.1050).

In a follow-up report published on May 9, Huntress revealed that three separate incidents that involved the exploitation of CVE-2025-4632, with unidentified actors running an identical set of commands to download additional payloads like “srvany.exe” and “services.exe” on two hosts and executing reconnaissance commands on the third.

Users of the Samsung MagicINFO 9 Server are recommended to apply the latest fixes as soon as possible to safeguard against potential threats.

“We have verified that MagicINFO 9 21.1052.0 does mitigate the original issue raised in CVE-2025-4632,” Jamie Levy, director of adversary tactics at Huntress, told The Hacker News.

“Any machine that has versions v8 – v9 21.1050.0 will still be affected by this vulnerability. We’ve also discovered that upgrading from MagicINFO v8 to v9 21.1052.0 is not as straightforward since you have to first upgrade to 21.1050.0 before applying the final patch.”

Found this article interesting? Follow us on Twitter and LinkedIn to read more exclusive content we post.

 The Hacker News 

Total
0
Shares
Share 0
Tweet 0
Share 0
Share 0
Share 0
Previous Post

BianLian and RansomExx Exploit SAP NetWeaver Flaw to Deploy PipeMagic Trojan

May 14, 2025
Next Post

Nova Scotia Power says customer banking details may have been stolen by hackers

May 14, 2025
Related Posts
6 min

U.S. Dismantles DanaBot Malware Network, Charges 16 in $50M Global Cybercrime Operation

The U.S. Department of Justice (DoJ) on Thursday announced the disruption of the online infrastructure associated with DanaBot (aka DanaTools) and unsealed charges against 16 individuals for their alleged involvement in the development and deployment of the malware, which it said was controlled by a Russia-based cybercrime organization. The malware, the DoJ said, infected more than 300,000
Avatar
info@thehackernews.com (The Hacker News)
May 23, 2025
Read More