CVE-2025-4632

  1. OpenCVE
  2. Vulnerabilities (CVE)
  3. CVE-2025-4632
Improper limitation of a pathname to a restricted directory vulnerability in Samsung MagicINFO 9 Server version before 21.1052 allows attackers to write arbitrary file as system authority.

9.8 /10

CVSS v3 : CRITICAL

V3 Legend

Vector :

Exploitability : 3.9 / Impact : 5.9

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required NONE

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact HIGH

Availability Impact HIGH

Scope UNCHANGED

References
Link Resource
https://security.samsungtv.com/securityUpdates#SVP-MAY-2025
Configurations

No configuration.

History

13 May 2025, 19:35

Type Values Removed Values Added
Summary
  • (es) La vulnerabilidad de limitaciĆ³n incorrecta de una ruta de acceso a un directorio restringido en Samsung MagicINFO 9 Server versiĆ³n anterior a 21.1052 permite a los atacantes escribir archivos arbitrarios como autoridad del sistema.

13 May 2025, 06:15

Type Values Removed Values Added
New CVE
Information

Published : 2025-05-13 06:15

Updated : 2025-05-23 01:00

NVD link : CVE-2025-4632

Mitre link : CVE-2025-4632

CVE.ORG link : CVE-2025-4632

JSON object : View

Products Affected

No product.

CWE
CWE-22

Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')