CVE-2026-25201

CVSS v2.0

High

AV:N/AC:L/Au:N/C:C/I:C/A:C

Name of the Vulnerable Software and Affected Versions MagicINFO 9 Server versions prior to 21.1090.1

Description An unauthenticated user can upload arbitrary files, potentially leading to remote code execution and privilege escalation. The issue allows for the upload of files without authentication, which can then be used to execute code on the system.

Recommendations Update MagicINFO 9 Server to version 21.1090.1 or later.

Fix

LPE

RCE

Unrestricted File Upload

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-434

Related Identifiers

BDU:2026-01070

CVE-2026-25201

Affected Products

Magicinfo 9 Server

CVE-2026-25201

Weakness Enumeration

Related Identifiers

Affected Products

References · 12