

Ethical Hacking News

Samsung Patches Critical Flaw in MagicINFO 9 Server Exploited to Deploy Mirai Botnet



Samsung has patched a critical security flaw in its MagicINFO 9 Server that has been exploited in the wild to deploy the Mirai botnet. The vulnerability allows attackers to write arbitrary files as system authority, making it essential for users to apply the latest updates to secure their systems.

The article provides an in-depth look at the vulnerability and its implications for Samsung MagicINFO 9 Server users. It highlights the importance of patch management and the need for businesses to take proactive measures to protect themselves against such threats.

  • Samsung has released software updates to address a critical security flaw in MagicINFO 9 Server (CVE-2025-4632)
  • The vulnerability has been actively exploited since April 30, 2025
  • The path traversal flaw allows attackers to write arbitrary files as system authority
  • Huntress discovered signs of exploitation even on instances running the latest version (21.1050)
  • Three separate incidents involving CVE-2025-4632 were reported by Huntress
  • Upgrading from v8 to v9 21.1052.0 is not a straightforward process, requiring an intermediate patch



    Samsung has recently released software updates to address a critical security flaw in its MagicINFO 9 Server, tracked as CVE-2025-4632. The vulnerability has been actively exploited in the wild since April 30, 2025, in some instances to deploy the infamous Mirai botnet. It is described as a path traversal flaw that allows attackers to write arbitrary files as system authority.

    In an advisory for the flaw, Samsung notes that the issue was first identified as a patch bypass for CVE-2024-7399, another path traversal flaw in the same product that Samsung patched in August 2024. However, cybersecurity company Huntress reported signs of exploitation even on MagicINFO 9 Server instances running the latest version (21.1050).

    In a follow-up report published on May 9, Huntress revealed three separate incidents involving the exploitation of CVE-2025-4632. In these instances, unidentified actors were observed downloading additional payloads like "srvany.exe" and "services.exe" on two hosts and executing reconnaissance commands on the third.

    According to Jamie Levy, director of adversary tactics at Huntress, MagicINFO 9 21.1052.0 does mitigate the original issue raised in CVE-2025-4632. However, any machine running versions v8 through v9 21.1050.0 is still affected by this vulnerability. Upgrading from MagicINFO v8 to v9 21.1052.0 is also not straightforward: the server must first be upgraded to 21.1050.0 before the final patch can be applied.

    To safeguard against potential threats, users of the Samsung MagicINFO 9 Server are recommended to apply the latest fixes as soon as possible.
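
The version guidance above, turned into an inventory triage script. This is an added example, not code from Samsung, Huntress or the original article; the host names, the version-string format, and the handling of v9 builds other than 21.1050.0 and 21.1052.0 are assumptions.

```python
import re

# From the article: 21.1050.0 is the mandatory intermediate release when
# coming from v8; 21.1052.0 is the release that mitigates CVE-2025-4632.
INTERMEDIATE = (21, 1050, 0)
FIXED = (21, 1052, 0)
_VERSION = re.compile(r"\s*(?:v(\d+))?\s*(?:(\d+)\.(\d+)(?:\.(\d+))?)?\s*", re.I)

def fmt(build):
    return ".".join(str(n) for n in build)

def parse_version(text):
    """Parse 'v8', '21.1050' or 'v9 21.1052.0' into (product_line, build)."""
    m = _VERSION.fullmatch(text)
    if not m or not (m.group(1) or m.group(2)):
        raise ValueError(f"unrecognised version string: {text!r}")
    build = None
    if m.group(2):
        build = (int(m.group(2)), int(m.group(3)), int(m.group(4) or 0))
    # Assumption: a bare build number with no 'vN' prefix is a v9 install.
    line = int(m.group(1)) if m.group(1) else 9
    return line, build

def triage(text):
    """Return (status, ordered upgrade steps) for one reported version."""
    line, build = parse_version(text)
    if line not in (8, 9):
        return "out_of_scope", []      # the article only covers v8 and v9
    if line == 8:
        return "affected", [fmt(INTERMEDIATE), fmt(FIXED)]
    if build is None:
        return "unknown_build", []     # v9 with no build reported: check by hand
    if build >= FIXED:
        return "patched", []
    if build >= INTERMEDIATE:          # conservative: anything below FIXED is affected
        return "affected", [fmt(FIXED)]
    # Assumption: older v9 builds follow the same two-step path as v8.
    return "affected", [fmt(INTERMEDIATE), fmt(FIXED)]

# Constructed inventory (hypothetical host names and reported versions).
INVENTORY = {"signage-01": "v8", "signage-02": "21.1050",
             "signage-03": "v9 21.1052.0", "signage-04": "21.1040.2"}

def plan(inventory):
    return {host: triage(ver) for host, ver in inventory.items()}

if __name__ == "__main__":
    for host, (status, steps) in plan(INVENTORY).items():
        print(f"{host}: {status} -> {' then '.join(steps) or 'no action'}")
```

Because Huntress saw exploitation on 21.1050 instances, a host that was exposed before patching still needs review for signs of compromise; the script only orders the upgrades.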



    Related Information:
  • https://www.ethicalhackingnews.com/articles/Samsung-Patches-Critical-Flaw-in-MagicINFO-9-Server-Exploited-to-Deploy-Mirai-Botnet-ehn.shtml

  • https://thehackernews.com/2025/05/samsung-patches-cve-2025-4632-used-to.html


  • Published: Wed May 14 14:12:26 2025 by llama3.2 3B Q4_K_M







