CVE-2025-4632

CRITICAL KEV NUCLEI

Samsung MagicINFO <21.1052 - Path Traversal

Title source: llm

Exploitation Summary

CVE-2025-4632 is actively exploited and listed in the CISA Known Exploited Vulnerabilities (KEV) catalog, added May 22, 2025. EIP tracks 2 public exploits from researchers including digitalsurgn, MantisToboggan-git. A Nuclei detection template is also available.

AI-analyzed exploit summary This repository contains a functional Python exploit for CVE-2025-4632, an unauthenticated RCE vulnerability in Samsung MagicINFO 9 Server. The exploit leverages path traversal in the `SWUpdateFileUploader` servlet to write arbitrary files to the web root, enabling remote code execution.

Description

Improper limitation of a pathname to a restricted directory vulnerability in Samsung MagicINFO 9 Server version before 21.1052 allows attackers to write arbitrary file as system authority.

Exploits (2)

nomisec WORKING POC

by digitalsurgn · remote

https://github.com/digitalsurgn/CVE-2025-4632_POC

View Code ZIP pw:eip

This repository contains a functional Python exploit for CVE-2025-4632, an unauthenticated RCE vulnerability in Samsung MagicINFO 9 Server. The exploit leverages path traversal in the `SWUpdateFileUploader` servlet to write arbitrary files to the web root, enabling remote code execution.

Classification

Working Poc 95%

Attack Type

Rce

Complexity

Moderate

Reliability

Reliable

Target: Samsung MagicINFO 9 Server (versions prior to 21.1052)

No auth needed

Prerequisites: Network access to the target server · Target running vulnerable version of Samsung MagicINFO 9 Server

MITRE ATT&CK

T1190 - Exploit Public-Facing Application T1059 - Command and Scripting Interpreter T1203 - Exploitation for Client Execution

devstral-2 · analyzed May 10, 2026 Full analysis →

nomisec STUB

by MantisToboggan-git · poc

https://github.com/MantisToboggan-git/CVE-2025-4632-POC

View Code ZIP pw:eip

The repository contains only a README.md file with minimal information, lacking any actual exploit code or technical details for CVE-2025-4632.

Classification

Stub 10%

Attack Type

Other

Complexity

Trivial

Reliability

Theoretical

Target: unknown

No auth needed

devstral-2 · analyzed Feb 16, 2026 Full analysis →

Nuclei Templates (1)

Samsung MagicINFO 9 Server - File Upload & Remote Code Execution

CRITICALby s4e-io

Shodan: Server: magicinfo premium server

References (2)

Core 2

Core References

Patch, Vendor Advisory

https://security.samsungtv.com/securityUpdates#SVP-MAY-2025

US Government Resource

https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2025-4632

Scores

CVSS v3 9.8

EPSS 0.4260

EPSS Percentile 97.6%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

CISA SSVC

Vulnrichment

Exploitation active

Automatable yes

Technical Impact total

Details

CISA KEV 2025-05-22

VulnCheck KEV 2025-05-06

ENISA EUVD EUVD-2025-14362

CWE

CWE-22

Status published

Products (1)

samsung/magicinfo_9_server < 21.1052.0

Published May 13, 2025

KEV Added May 22, 2025

Tracked Since Feb 18, 2026