PT-2025-20828 · Samsung · Samsung MagicINFO 9 Server

Published: 2025-05-07 · Updated: 2026-05-07 · CVE-2025-4632

CVSS v3.1: 10 (Critical)

Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions

Samsung MagicINFO 9 Server versions prior to 21.1052

Description

A path traversal issue exists due to improper limitation of a pathname to a restricted directory. This flaw allows a remote attacker to write arbitrary files with system authority without authentication, potentially leading to remote code execution. Real-world exploitation has been observed, including the delivery of the Mirai botnet and the deployment of the XMRig cryptocurrency miner (disguised as smi2.exe) and AnyDesk for remote management. In these incidents, attackers used PowerShell and batch scripts to bypass security measures, for example by adding exclusion directories to Microsoft Defender, to facilitate unauthorized Monero mining.

Recommendations

Update to version 21.1052 or later.

Fix

RCE

Path traversal

Weakness Enumeration

Related Identifiers

BDU:2025-05969
CVE-2025-4632

Affected Products

Samsung MagicINFO 9 Server