PT-2025-20828 · Samsung · Samsung MagicINFO 9 Server

Published: 2025-05-07 · Updated: 2026-03-29 · CVE-2025-4632

CVSS v3.1: 10 (Critical) · AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions: Samsung MagicINFO 9 Server, versions prior to 21.1052

Description: A path traversal vulnerability, identified as CVE-2025-4632, exists in Samsung MagicINFO 9 Server. Because the server does not properly limit a pathname to a restricted directory, an attacker can write arbitrary files with system-level privileges; observed exploitation writes files such as smi2.exe to the system. The vulnerability has a CVSS score of 9.8, indicating critical severity. It has been actively exploited in the wild: reports describe its use to deploy the Mirai botnet, the XMRig cryptominer and the AnyDesk remote administration tool, and a Spanish footwear brand was compromised through it.

Recommendations: Update to version 21.1052 or later.

Tags: Fix · RCE · Path traversal

Weakness Enumeration

Related Identifiers: BDU:2025-05969, CVE-2025-4632

Affected Products: Samsung MagicINFO 9 Server