PT-2026-1297 · Samsung · Samsung Magician
Published
2025-08-11
·
Updated
2026-01-07
·
CVE-2025-57836
CVSS v3.1
7.8
High
| Vector | AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H |
Name of the Vulnerable Software and Affected Versions
Samsung Magician versions 6.3.0 through 8.3.2
Description
The software installer creates a temporary folder with insufficient permissions during the installation process on Windows. This allows a non-administrative user to potentially perform DLL hijacking and gain elevated privileges.
Recommendations
Versions prior to 6.3.0 are not affected.
Versions 6.3.0 through 8.3.2 are affected and require attention.
Fix
LPE
Uncontrolled Search Path Element
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Samsung Magician