Samsung Implements Security Patch for CVE-2025-4632 Exploited in Mirai Botnet Deployment via MagicINFO 9 Vulnerability

Samsung has implemented software updates to rectify a critical security vulnerability identified in the MagicINFO 9 Server, which has been the target of active exploitation.

This vulnerability, tracked as CVE-2025-4632 with a CVSS score of 9.8, is a path traversal flaw. According to security advisories, it stems from improper limitation of a pathname to a restricted directory and allows attackers to write arbitrary files with system authority.

CVE-2025-4632 is a patch bypass for another path traversal vulnerability, CVE-2024-7399, which Samsung addressed in August 2024. The newly identified flaw has already been exploited in the wild, following the public release of a proof-of-concept (PoC) by SSD Disclosure on April 30, 2025. In certain cases, this exploitation has reportedly facilitated the deployment of the Mirai botnet.

Initially, it was believed that attackers were targeting CVE-2024-7399; however, cybersecurity firm Huntress recently discovered the existence of an additional, unpatched vulnerability. Their investigations revealed signs of exploitation even on instances of the MagicINFO 9 Server using the latest version (21.1050).

In a subsequent report dated May 9, Huntress documented three separate incidents of exploitation involving CVE-2025-4632. In these incidents, unidentified actors executed a consistent set of commands to download various payloads, including “srvany.exe” and “services.exe,” across two hosts, while deploying reconnaissance commands on a third.

For users operating the Samsung MagicINFO 9 Server, it is strongly recommended to implement the latest updates without delay to protect against potential threats.

Experts have confirmed that MagicINFO 9 version 21.1052.0 effectively mitigates the issues presented by CVE-2025-4632. However, any systems currently running versions v8 or v9 below 21.1050.0 remain vulnerable. Additionally, moving from MagicINFO v8 to v9 21.1052.0 is not a single step: users must first upgrade to version 21.1050.0 before installing the final patch.