H3-2025-0046¶

Samsung MagicINFO 9 Server Remote Code Execution Vulnerability

Description¶

Samsung MagicINFO 9 Server is vulnerable to an unauthenticated file upload vulnerability that leads to remote code execution.

Impact¶

Successful exploitation allows an unauthenticated attacker to execute arbitrary code on the target system.

References¶

• Vendor Advisory
• Third Party Advisory
• Exploitation in the Wild Reference
• Help Net Security Article
• BleepingComputer Article
• The Hacker News Article
• NVD: CVE-2025-4632