Search
Find a vulnerability
Search criteria
64 vulnerabilities by Samsung Electronics
CVE-2026-25203 (GCVE-0-2026-25203)
Vulnerability from nvd – Published: 2026-04-10 01:24 – Updated: 2026-04-14 03:55
VLAI
Summary
Samsung MagicINFO 9 Server Incorrect Default Permissions Local Privilege Escalation Vulnerability
This issue affects MagicINFO 9 Server: less than 21.1091.1.
Severity
7.8 (High)
SSVC
Exploitation: none
Automatable: no
Technical Impact: total
CISA Coordinator (v2.0.3)
CWE
- CWE-276 - Incorrect default permissions
Assigner
References
1 reference
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| Samsung Electronics | MagicINFO 9 Server |
Affected:
21.1091.1
|
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-25203",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-04-13T00:00:00+00:00",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-04-14T03:55:38.631Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "MagicINFO 9 Server",
"vendor": "Samsung Electronics",
"versions": [
{
"status": "affected",
"version": "21.1091.1"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cspan\u003eSamsung MagicINFO 9 Server Incorrect Default Permissions Local Privilege Escalation Vulnerability\u003c/span\u003e\n\n\u003cbr\u003e\u003cp\u003eThis issue affects MagicINFO 9 Server: less than 21.1091.1.\u003c/p\u003e"
}
],
"value": "Samsung MagicINFO 9 Server Incorrect Default Permissions Local Privilege Escalation Vulnerability\n\n\nThis issue affects MagicINFO 9 Server: less than 21.1091.1."
}
],
"impacts": [
{
"capecId": "CAPEC-233",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-233 Privilege Escalation"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-276",
"description": "CWE-276 Incorrect default permissions",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-04-10T01:24:07.308Z",
"orgId": "ca193ba2-0cff-4e34-b04e-1ea07103c6fe",
"shortName": "samsung.tv_appliance"
},
"references": [
{
"url": "https://security.samsungtv.com/securityUpdates"
}
],
"source": {
"discovery": "UNKNOWN"
},
"x_generator": {
"engine": "Vulnogram 0.5.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "ca193ba2-0cff-4e34-b04e-1ea07103c6fe",
"assignerShortName": "samsung.tv_appliance",
"cveId": "CVE-2026-25203",
"datePublished": "2026-04-10T01:24:07.308Z",
"dateReserved": "2026-01-30T06:07:11.090Z",
"dateUpdated": "2026-04-14T03:55:38.631Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-25202 (GCVE-0-2026-25202)
Vulnerability from nvd – Published: 2026-02-02 04:49 – Updated: 2026-02-26 15:04
VLAI
Summary
The database account and password are hardcoded, allowing login with the account to manipulate the database in MagicInfo9 Server.This issue affects MagicINFO 9 Server: less than 21.1090.1.
Severity
9.8 (Critical)
SSVC
Exploitation: none
Automatable: yes
Technical Impact: total
CISA Coordinator (v2.0.3)
CWE
- CWE-798 - Use of Hard-coded Credentials
Assigner
References
1 reference
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| Samsung Electronics | MagicINFO 9 Server |
Affected:
21.1090.1
|
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-25202",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-02-03T04:55:43.219952Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-02-26T15:04:39.986Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "MagicINFO 9 Server",
"vendor": "Samsung Electronics",
"versions": [
{
"status": "affected",
"version": "21.1090.1"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eThe database account and password are hardcoded, allowing login with the account to manipulate the database in MagicInfo9 Server.\u003c/span\u003e\u003cp\u003eThis issue affects MagicINFO 9 Server: less than 21.1090.1.\u003c/p\u003e"
}
],
"value": "The database account and password are hardcoded, allowing login with the account to manipulate the database in MagicInfo9 Server.This issue affects MagicINFO 9 Server: less than 21.1090.1."
}
],
"impacts": [
{
"capecId": "CAPEC-203",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-203 Manipulate Registry Information"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-798",
"description": "CWE-798 Use of Hard-coded Credentials",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-02-02T04:49:53.680Z",
"orgId": "ca193ba2-0cff-4e34-b04e-1ea07103c6fe",
"shortName": "samsung.tv_appliance"
},
"references": [
{
"url": "https://security.samsungtv.com/securityUpdates"
}
],
"source": {
"discovery": "UNKNOWN"
},
"x_generator": {
"engine": "Vulnogram 0.5.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "ca193ba2-0cff-4e34-b04e-1ea07103c6fe",
"assignerShortName": "samsung.tv_appliance",
"cveId": "CVE-2026-25202",
"datePublished": "2026-02-02T04:49:53.680Z",
"dateReserved": "2026-01-30T06:07:11.090Z",
"dateUpdated": "2026-02-26T15:04:39.986Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-25201 (GCVE-0-2026-25201)
Vulnerability from nvd – Published: 2026-02-02 04:49 – Updated: 2026-02-26 15:04
VLAI
Summary
An unauthenticated user can upload arbitrary files to execute remote code, leading to privilege escalation in MagicInfo9 Server.
This issue affects MagicINFO 9 Server: less than 21.1090.1.
Severity
8.8 (High)
SSVC
Exploitation: none
Automatable: no
Technical Impact: total
CISA Coordinator (v2.0.3)
CWE
- CWE-434 - Unrestricted Upload of File with Dangerous Type
Assigner
References
1 reference
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| Samsung Electronics | MagicINFO 9 Server |
Affected:
21.1090.1
|
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-25201",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-02-03T04:55:44.687003Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-02-26T15:04:40.332Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "MagicINFO 9 Server",
"vendor": "Samsung Electronics",
"versions": [
{
"status": "affected",
"version": "21.1090.1"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eAn unauthenticated user can upload arbitrary files to execute remote code, leading to privilege escalation in MagicInfo9 Server.\u003c/span\u003e\u003cbr\u003e\u003cp\u003eThis issue affects MagicINFO 9 Server: less than 21.1090.1.\u003c/p\u003e"
}
],
"value": "An unauthenticated user can upload arbitrary files to execute remote code, leading to privilege escalation in MagicInfo9 Server.\nThis issue affects MagicINFO 9 Server: less than 21.1090.1."
}
],
"impacts": [
{
"capecId": "CAPEC-233",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-233 Privilege Escalation"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-434",
"description": "CWE-434 Unrestricted Upload of File with Dangerous Type",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-02-02T04:49:38.016Z",
"orgId": "ca193ba2-0cff-4e34-b04e-1ea07103c6fe",
"shortName": "samsung.tv_appliance"
},
"references": [
{
"url": "https://security.samsungtv.com/securityUpdates"
}
],
"source": {
"discovery": "UNKNOWN"
},
"x_generator": {
"engine": "Vulnogram 0.5.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "ca193ba2-0cff-4e34-b04e-1ea07103c6fe",
"assignerShortName": "samsung.tv_appliance",
"cveId": "CVE-2026-25201",
"datePublished": "2026-02-02T04:49:38.016Z",
"dateReserved": "2026-01-30T06:07:11.090Z",
"dateUpdated": "2026-02-26T15:04:40.332Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-25200 (GCVE-0-2026-25200)
Vulnerability from nvd – Published: 2026-02-02 04:49 – Updated: 2026-02-26 15:04
VLAI
Summary
A vulnerability in MagicInfo9 Server allows authorized users to upload HTML files without authentication, leading to Stored XSS, which can result in account takeover
This issue affects MagicINFO 9 Server: less than 21.1090.1.
Severity
9.8 (Critical)
SSVC
Exploitation: none
Automatable: yes
Technical Impact: total
CISA Coordinator (v2.0.3)
CWE
- CWE-434 - Unrestricted Upload of File with Dangerous Type
Assigner
References
1 reference
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| Samsung Electronics | MagicINFO 9 Server |
Affected:
21.1090.1
|
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-25200",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-02-03T04:55:46.300163Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-02-26T15:04:40.615Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "MagicINFO 9 Server",
"vendor": "Samsung Electronics",
"versions": [
{
"status": "affected",
"version": "21.1090.1"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eA vulnerability in MagicInfo9 Server allows authorized users to upload HTML files without authentication, leading to Stored XSS, which can result in account takeover\u003c/span\u003e\n\n\u003cbr\u003e\u003cp\u003eThis issue affects MagicINFO 9 Server: less than 21.1090.1.\u003c/p\u003e"
}
],
"value": "A vulnerability in MagicInfo9 Server allows authorized users to upload HTML files without authentication, leading to Stored XSS, which can result in account takeover\n\n\nThis issue affects MagicINFO 9 Server: less than 21.1090.1."
}
],
"impacts": [
{
"capecId": "CAPEC-63",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-63 Cross-Site Scripting (XSS)"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-434",
"description": "CWE-434 Unrestricted Upload of File with Dangerous Type",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-02-02T04:49:13.086Z",
"orgId": "ca193ba2-0cff-4e34-b04e-1ea07103c6fe",
"shortName": "samsung.tv_appliance"
},
"references": [
{
"url": "https://security.samsungtv.com/securityUpdates"
}
],
"source": {
"discovery": "UNKNOWN"
},
"x_generator": {
"engine": "Vulnogram 0.5.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "ca193ba2-0cff-4e34-b04e-1ea07103c6fe",
"assignerShortName": "samsung.tv_appliance",
"cveId": "CVE-2026-25200",
"datePublished": "2026-02-02T04:49:13.086Z",
"dateReserved": "2026-01-30T06:07:11.090Z",
"dateUpdated": "2026-02-26T15:04:40.615Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2025-53082 (GCVE-0-2025-53082)
Vulnerability from nvd – Published: 2025-07-29 05:08 – Updated: 2025-07-29 14:37
VLAI
Summary
An 'Arbitrary File Deletion' in Samsung DMS(Data Management Server) allows attackers to delete arbitrary files from unintended locations on the filesystem. Exploitation is restricted to specific, authorized private IP addresses.
Severity
6.1 (Medium)
SSVC
Exploitation: none
Automatable: no
Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
- CWE-23 - Relative Path Traversal
Assigner
References
1 reference
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| Samsung Electronics | Data Management Server |
Affected:
2.0.0 , < 2.3.13.1
(custom)
Affected: 2.5.0.17 , < 2.6.14.1 (custom) Affected: 2.7.0.15 , < 2.9.3.6 (custom) |
Date Public
2025-07-29 03:00
Credits
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-53082",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-07-29T14:37:17.859033Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-07-29T14:37:47.223Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Data Management Server",
"vendor": "Samsung Electronics",
"versions": [
{
"lessThan": "2.3.13.1",
"status": "affected",
"version": "2.0.0",
"versionType": "custom"
},
{
"lessThan": "2.6.14.1",
"status": "affected",
"version": "2.5.0.17",
"versionType": "custom"
},
{
"lessThan": "2.9.3.6",
"status": "affected",
"version": "2.7.0.15",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Noam Moshe of Claroty Team82"
}
],
"datePublic": "2025-07-29T03:00:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "An \u0027Arbitrary File Deletion\u0027 in Samsung DMS(Data Management Server) allows attackers to delete arbitrary files from unintended locations on the filesystem. Exploitation is restricted to specific, authorized private IP addresses."
}
],
"value": "An \u0027Arbitrary File Deletion\u0027 in Samsung DMS(Data Management Server) allows attackers to delete arbitrary files from unintended locations on the filesystem. Exploitation is restricted to specific, authorized private IP addresses."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "PHYSICAL",
"availabilityImpact": "HIGH",
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-23",
"description": "CWE-23 Relative Path Traversal",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-07-29T05:08:25.846Z",
"orgId": "ca193ba2-0cff-4e34-b04e-1ea07103c6fe",
"shortName": "samsung.tv_appliance"
},
"references": [
{
"url": "https://security.samsungda.com/securityUpdates.html"
}
],
"source": {
"discovery": "UNKNOWN"
},
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "ca193ba2-0cff-4e34-b04e-1ea07103c6fe",
"assignerShortName": "samsung.tv_appliance",
"cveId": "CVE-2025-53082",
"datePublished": "2025-07-29T05:08:25.846Z",
"dateReserved": "2025-06-24T23:17:22.557Z",
"dateUpdated": "2025-07-29T14:37:47.223Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2025-53081 (GCVE-0-2025-53081)
Vulnerability from nvd – Published: 2025-07-29 05:06 – Updated: 2025-07-29 14:39
VLAI
Summary
An 'Arbitrary File Creation' in Samsung DMS(Data Management Server) allows attackers to create arbitrary files in unintended locations on the filesystem. Exploitation is restricted to specific, authorized private IP addresses.
Severity
6.4 (Medium)
SSVC
Exploitation: none
Automatable: no
Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
- CWE-22 - Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
Assigner
References
1 reference
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| Samsung Electronics | Data Management Server |
Affected:
2.0.0 , < 2.3.13.1
(custom)
Affected: 2.5.0.17 , < 2.6.14.1 (custom) Affected: 2.7.0.15 , < 2.9.3.6 (custom) |
Date Public
2025-07-29 03:00
Credits
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-53081",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-07-29T14:38:37.870302Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-07-29T14:39:26.258Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Data Management Server",
"vendor": "Samsung Electronics",
"versions": [
{
"lessThan": "2.3.13.1",
"status": "affected",
"version": "2.0.0",
"versionType": "custom"
},
{
"lessThan": "2.6.14.1",
"status": "affected",
"version": "2.5.0.17",
"versionType": "custom"
},
{
"lessThan": "2.9.3.6",
"status": "affected",
"version": "2.7.0.15",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Noam Moshe of Claroty Team82"
}
],
"datePublic": "2025-07-29T03:00:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "An \u0027Arbitrary File Creation\u0027 in Samsung DMS(Data Management Server) allows attackers to create arbitrary files in unintended locations on the filesystem. Exploitation is restricted to specific, authorized private IP addresses."
}
],
"value": "An \u0027Arbitrary File Creation\u0027 in Samsung DMS(Data Management Server) allows attackers to create arbitrary files in unintended locations on the filesystem. Exploitation is restricted to specific, authorized private IP addresses."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "PHYSICAL",
"availabilityImpact": "HIGH",
"baseScore": 6.4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:L/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-22",
"description": "CWE-22 Improper Limitation of a Pathname to a Restricted Directory (\u0027Path Traversal\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-07-29T05:08:56.100Z",
"orgId": "ca193ba2-0cff-4e34-b04e-1ea07103c6fe",
"shortName": "samsung.tv_appliance"
},
"references": [
{
"url": "https://security.samsungda.com/securityUpdates.html"
}
],
"source": {
"discovery": "UNKNOWN"
},
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "ca193ba2-0cff-4e34-b04e-1ea07103c6fe",
"assignerShortName": "samsung.tv_appliance",
"cveId": "CVE-2025-53081",
"datePublished": "2025-07-29T05:06:47.194Z",
"dateReserved": "2025-06-24T23:17:22.557Z",
"dateUpdated": "2025-07-29T14:39:26.258Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2025-53080 (GCVE-0-2025-53080)
Vulnerability from nvd – Published: 2025-07-29 05:05 – Updated: 2025-07-29 14:44
VLAI
Summary
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') in Samsung DMS(Data Management Server) allows authenticated attackers to create arbitrary files in unintended locations on the filesystem
Severity
7.1 (High)
SSVC
Exploitation: none
Automatable: no
Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
- CWE-22 - Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
Assigner
References
1 reference
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| Samsung Electronics | Data Management Server |
Affected:
2.0.0 , < 2.3.13.1
(custom)
Affected: 2.5.0.17 , < 2.6.14.1 (custom) Affected: 2.7.0.15 , < 2.9.3.6 (custom) |
Date Public
2025-07-29 03:00
Credits
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-53080",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-07-29T14:44:19.342107Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-07-29T14:44:48.824Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Data Management Server",
"vendor": "Samsung Electronics",
"versions": [
{
"lessThan": "2.3.13.1",
"status": "affected",
"version": "2.0.0",
"versionType": "custom"
},
{
"lessThan": "2.6.14.1",
"status": "affected",
"version": "2.5.0.17",
"versionType": "custom"
},
{
"lessThan": "2.9.3.6",
"status": "affected",
"version": "2.7.0.15",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Noam Moshe of Claroty Team82"
}
],
"datePublic": "2025-07-29T03:00:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Improper Limitation of a Pathname to a Restricted Directory (\u0027Path Traversal\u0027) in Samsung DMS(Data Management Server) allows authenticated attackers to create arbitrary files in unintended locations on the filesystem"
}
],
"value": "Improper Limitation of a Pathname to a Restricted Directory (\u0027Path Traversal\u0027) in Samsung DMS(Data Management Server) allows authenticated attackers to create arbitrary files in unintended locations on the filesystem"
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.1,
"baseSeverity": "HIGH",
"confidentialityImpact": "LOW",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-22",
"description": "CWE-22 Improper Limitation of a Pathname to a Restricted Directory (\u0027Path Traversal\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-07-29T05:05:14.690Z",
"orgId": "ca193ba2-0cff-4e34-b04e-1ea07103c6fe",
"shortName": "samsung.tv_appliance"
},
"references": [
{
"url": "https://security.samsungda.com/securityUpdates.html"
}
],
"source": {
"discovery": "UNKNOWN"
},
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "ca193ba2-0cff-4e34-b04e-1ea07103c6fe",
"assignerShortName": "samsung.tv_appliance",
"cveId": "CVE-2025-53080",
"datePublished": "2025-07-29T05:05:14.690Z",
"dateReserved": "2025-06-24T23:17:22.557Z",
"dateUpdated": "2025-07-29T14:44:48.824Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2025-53079 (GCVE-0-2025-53079)
Vulnerability from nvd – Published: 2025-07-29 05:04 – Updated: 2025-07-29 14:51
VLAI
Summary
Absolute Path Traversal in Samsung DMS(Data Management Server) allows authenticated attacker (Administrator) to read sensitive files
Severity
4.9 (Medium)
SSVC
Exploitation: none
Automatable: no
Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
- CWE-36 - Absolute Path Traversal
Assigner
References
1 reference
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| Samsung Electronics | Data Management Server |
Affected:
2.0.0 , < 2.3.13.1
(custom)
Affected: 2.5.0.17 , < 2.6.14.1 (custom) Affected: 2.7.0.15 , < 2.9.3.6 (custom) |
Date Public
2025-07-29 03:00
Credits
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-53079",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-07-29T14:49:55.925035Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-07-29T14:51:16.460Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Data Management Server",
"vendor": "Samsung Electronics",
"versions": [
{
"lessThan": "2.3.13.1",
"status": "affected",
"version": "2.0.0",
"versionType": "custom"
},
{
"lessThan": "2.6.14.1",
"status": "affected",
"version": "2.5.0.17",
"versionType": "custom"
},
{
"lessThan": "2.9.3.6",
"status": "affected",
"version": "2.7.0.15",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Noam Moshe of Claroty Team82"
}
],
"datePublic": "2025-07-29T03:00:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Absolute Path Traversal in Samsung DMS(Data Management Server) allows authenticated attacker (Administrator) to read sensitive files"
}
],
"value": "Absolute Path Traversal in Samsung DMS(Data Management Server) allows authenticated attacker (Administrator) to read sensitive files"
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.9,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-36",
"description": "CWE-36 Absolute Path Traversal",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-07-29T05:04:48.482Z",
"orgId": "ca193ba2-0cff-4e34-b04e-1ea07103c6fe",
"shortName": "samsung.tv_appliance"
},
"references": [
{
"url": "https://security.samsungda.com/securityUpdates.html"
}
],
"source": {
"discovery": "UNKNOWN"
},
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "ca193ba2-0cff-4e34-b04e-1ea07103c6fe",
"assignerShortName": "samsung.tv_appliance",
"cveId": "CVE-2025-53079",
"datePublished": "2025-07-29T05:04:48.482Z",
"dateReserved": "2025-06-24T23:17:22.556Z",
"dateUpdated": "2025-07-29T14:51:16.460Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2025-53078 (GCVE-0-2025-53078)
Vulnerability from nvd – Published: 2025-07-29 05:04 – Updated: 2025-07-29 15:02
VLAI
Summary
Deserialization of Untrusted Data in Samsung DMS(Data Management Server) allows attackers to execute arbitrary code via write file to system
Severity
SSVC
Exploitation: none
Automatable: no
Technical Impact: total
CISA Coordinator (v2.0.3)
CWE
- CWE-502 - Deserialization of Untrusted Data
Assigner
References
1 reference
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| Samsung Electronics | Data Management Server |
Affected:
2.0.0 , < 2.3.13.1
(custom)
Affected: 2.5.0.17 , < 2.6.14.1 (custom) Affected: 2.7.0.15 , < 2.9.3.6 (custom) |
Date Public
2025-07-29 03:00
Credits
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-53078",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-07-29T15:01:11.042631Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-07-29T15:02:48.207Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Data Management Server",
"vendor": "Samsung Electronics",
"versions": [
{
"lessThan": "2.3.13.1",
"status": "affected",
"version": "2.0.0",
"versionType": "custom"
},
{
"lessThan": "2.6.14.1",
"status": "affected",
"version": "2.5.0.17",
"versionType": "custom"
},
{
"lessThan": "2.9.3.6",
"status": "affected",
"version": "2.7.0.15",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Noam Moshe of Claroty Team82"
}
],
"datePublic": "2025-07-29T03:00:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Deserialization of Untrusted Data in Samsung DMS(Data Management Server) allows attackers to execute arbitrary code via write file to system"
}
],
"value": "Deserialization of Untrusted Data in Samsung DMS(Data Management Server) allows attackers to execute arbitrary code via write file to system"
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-502",
"description": "CWE-502 Deserialization of Untrusted Data",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-07-29T05:04:18.477Z",
"orgId": "ca193ba2-0cff-4e34-b04e-1ea07103c6fe",
"shortName": "samsung.tv_appliance"
},
"references": [
{
"url": "https://security.samsungda.com/securityUpdates.html"
}
],
"source": {
"discovery": "UNKNOWN"
},
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "ca193ba2-0cff-4e34-b04e-1ea07103c6fe",
"assignerShortName": "samsung.tv_appliance",
"cveId": "CVE-2025-53078",
"datePublished": "2025-07-29T05:04:18.477Z",
"dateReserved": "2025-06-24T23:17:22.556Z",
"dateUpdated": "2025-07-29T15:02:48.207Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2025-53077 (GCVE-0-2025-53077)
Vulnerability from nvd – Published: 2025-07-29 05:03 – Updated: 2025-07-29 15:06
VLAI
Summary
An execution after redirect in Samsung DMS(Data Management Server) allows attackers to execute limited functions without permissions. An attacker could compromise the integrity of the platform by executing this vulnerability.
Severity
6.5 (Medium)
SSVC
Exploitation: none
Automatable: yes
Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
- CWE-698 - Execution After Redirect (EAR)
Assigner
References
1 reference
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| Samsung Electronics | DMS(Data Management Server) |
Affected:
2.0.0 , < 2.3.13.1
(custom)
Affected: 2.5.0.17 , < 2.6.14.1 (custom) Affected: 2.7.0.15 , < 2.9.3.6 (custom) |
Date Public
2025-07-29 05:00
Credits
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-53077",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-07-29T15:06:15.557705Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-07-29T15:06:50.737Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "DMS(Data Management Server)",
"vendor": "Samsung Electronics",
"versions": [
{
"lessThan": "2.3.13.1",
"status": "affected",
"version": "2.0.0",
"versionType": "custom"
},
{
"lessThan": "2.6.14.1",
"status": "affected",
"version": "2.5.0.17",
"versionType": "custom"
},
{
"lessThan": "2.9.3.6",
"status": "affected",
"version": "2.7.0.15",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Noam Moshe of Claroty Team82"
}
],
"datePublic": "2025-07-29T05:00:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "An execution after redirect in Samsung DMS(Data Management Server) allows attackers to execute limited functions without permissions. An attacker could compromise the integrity of the platform by executing this vulnerability."
}
],
"value": "An execution after redirect in Samsung DMS(Data Management Server) allows attackers to execute limited functions without permissions. An attacker could compromise the integrity of the platform by executing this vulnerability."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-698",
"description": "CWE-698 Execution After Redirect (EAR)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-07-29T05:03:41.034Z",
"orgId": "ca193ba2-0cff-4e34-b04e-1ea07103c6fe",
"shortName": "samsung.tv_appliance"
},
"references": [
{
"url": "https://security.samsungda.com/securityUpdates.html"
}
],
"source": {
"discovery": "UNKNOWN"
},
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "ca193ba2-0cff-4e34-b04e-1ea07103c6fe",
"assignerShortName": "samsung.tv_appliance",
"cveId": "CVE-2025-53077",
"datePublished": "2025-07-29T05:03:41.034Z",
"dateReserved": "2025-06-24T23:17:22.556Z",
"dateUpdated": "2025-07-29T15:06:50.737Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2025-54455 (GCVE-0-2025-54455)
Vulnerability from nvd – Published: 2025-07-23 05:27 – Updated: 2026-02-26 17:50
VLAI
Summary
Use of Hard-coded Credentials vulnerability in Samsung Electronics MagicINFO 9 Server allows Authentication Bypass.This issue affects MagicINFO 9 Server: less than 21.1080.0.
Severity
9.1 (Critical)
SSVC
Exploitation: none
Automatable: yes
Technical Impact: total
CISA Coordinator (v2.0.3)
CWE
- CWE-798 - Use of Hard-coded Credentials
Assigner
References
1 reference
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| Samsung Electronics | MagicINFO 9 Server |
Affected:
21.1080.0
|
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-54455",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-07-30T03:55:47.524352Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-02-26T17:50:21.166Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "MagicINFO 9 Server",
"vendor": "Samsung Electronics",
"versions": [
{
"status": "affected",
"version": "21.1080.0"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Use of Hard-coded Credentials vulnerability in Samsung Electronics MagicINFO 9 Server allows Authentication Bypass.\u003cp\u003eThis issue affects MagicINFO 9 Server: less than 21.1080.0.\u003c/p\u003e"
}
],
"value": "Use of Hard-coded Credentials vulnerability in Samsung Electronics MagicINFO 9 Server allows Authentication Bypass.This issue affects MagicINFO 9 Server: less than 21.1080.0."
}
],
"impacts": [
{
"capecId": "CAPEC-115",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-115 Authentication Bypass"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 9.1,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-798",
"description": "CWE-798 Use of Hard-coded Credentials",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-07-23T05:27:10.678Z",
"orgId": "ca193ba2-0cff-4e34-b04e-1ea07103c6fe",
"shortName": "samsung.tv_appliance"
},
"references": [
{
"url": "https://security.samsungtv.com/securityUpdates"
}
],
"source": {
"discovery": "UNKNOWN"
},
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "ca193ba2-0cff-4e34-b04e-1ea07103c6fe",
"assignerShortName": "samsung.tv_appliance",
"cveId": "CVE-2025-54455",
"datePublished": "2025-07-23T05:27:10.678Z",
"dateReserved": "2025-07-22T03:21:27.439Z",
"dateUpdated": "2026-02-26T17:50:21.166Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2025-54454 (GCVE-0-2025-54454)
Vulnerability from nvd – Published: 2025-07-23 05:26 – Updated: 2026-02-26 17:50
VLAI
Summary
Use of Hard-coded Credentials vulnerability in Samsung Electronics MagicINFO 9 Server allows Authentication Bypass.This issue affects MagicINFO 9 Server: less than 21.1080.0.
Severity
9.1 (Critical)
SSVC
Exploitation: none
Automatable: yes
Technical Impact: total
CISA Coordinator (v2.0.3)
CWE
- CWE-798 - Use of Hard-coded Credentials
Assigner
References
1 reference
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| Samsung Electronics | MagicINFO 9 Server |
Affected:
21.1080.0
|
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-54454",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-07-30T03:55:46.695181Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-02-26T17:50:21.686Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "MagicINFO 9 Server",
"vendor": "Samsung Electronics",
"versions": [
{
"status": "affected",
"version": "21.1080.0"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Use of Hard-coded Credentials vulnerability in Samsung Electronics MagicINFO 9 Server allows Authentication Bypass.\u003cp\u003eThis issue affects MagicINFO 9 Server: less than 21.1080.0.\u003c/p\u003e"
}
],
"value": "Use of Hard-coded Credentials vulnerability in Samsung Electronics MagicINFO 9 Server allows Authentication Bypass.This issue affects MagicINFO 9 Server: less than 21.1080.0."
}
],
"impacts": [
{
"capecId": "CAPEC-115",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-115 Authentication Bypass"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 9.1,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-798",
"description": "CWE-798 Use of Hard-coded Credentials",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-07-23T05:26:26.117Z",
"orgId": "ca193ba2-0cff-4e34-b04e-1ea07103c6fe",
"shortName": "samsung.tv_appliance"
},
"references": [
{
"url": "https://security.samsungtv.com/securityUpdates"
}
],
"source": {
"discovery": "UNKNOWN"
},
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "ca193ba2-0cff-4e34-b04e-1ea07103c6fe",
"assignerShortName": "samsung.tv_appliance",
"cveId": "CVE-2025-54454",
"datePublished": "2025-07-23T05:26:17.961Z",
"dateReserved": "2025-07-22T03:21:27.439Z",
"dateUpdated": "2026-02-26T17:50:21.686Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2025-54453 (GCVE-0-2025-54453)
Vulnerability from nvd – Published: 2025-07-23 05:30 – Updated: 2026-02-26 17:50
VLAI
Summary
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in Samsung Electronics MagicINFO 9 Server allows Code Injection.This issue affects MagicINFO 9 Server: less than 21.1080.0.
Severity
8.8 (High)
SSVC
Exploitation: none
Automatable: no
Technical Impact: total
CISA Coordinator (v2.0.3)
CWE
- CWE-22 - Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
Assigner
References
1 reference
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| Samsung Electronics | MagicINFO 9 Server |
Affected:
21.1080.0
|
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-54453",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-07-30T03:55:54.342199Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-02-26T17:50:19.668Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "MagicINFO 9 Server",
"vendor": "Samsung Electronics",
"versions": [
{
"status": "affected",
"version": "21.1080.0"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Improper Limitation of a Pathname to a Restricted Directory (\u0027Path Traversal\u0027) vulnerability in Samsung Electronics MagicINFO 9 Server allows Code Injection.\u003cp\u003eThis issue affects MagicINFO 9 Server: less than 21.1080.0.\u003c/p\u003e"
}
],
"value": "Improper Limitation of a Pathname to a Restricted Directory (\u0027Path Traversal\u0027) vulnerability in Samsung Electronics MagicINFO 9 Server allows Code Injection.This issue affects MagicINFO 9 Server: less than 21.1080.0."
}
],
"impacts": [
{
"capecId": "CAPEC-242",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-242 Code Injection"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-22",
"description": "CWE-22 Improper Limitation of a Pathname to a Restricted Directory (\u0027Path Traversal\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-07-23T05:30:35.796Z",
"orgId": "ca193ba2-0cff-4e34-b04e-1ea07103c6fe",
"shortName": "samsung.tv_appliance"
},
"references": [
{
"url": "https://security.samsungtv.com/securityUpdates"
}
],
"source": {
"discovery": "UNKNOWN"
},
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "ca193ba2-0cff-4e34-b04e-1ea07103c6fe",
"assignerShortName": "samsung.tv_appliance",
"cveId": "CVE-2025-54453",
"datePublished": "2025-07-23T05:30:35.796Z",
"dateReserved": "2025-07-22T03:21:27.438Z",
"dateUpdated": "2026-02-26T17:50:19.668Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2025-54452 (GCVE-0-2025-54452)
Vulnerability from nvd – Published: 2025-07-23 05:29 – Updated: 2025-07-23 14:52
VLAI
Summary
Improper Authentication vulnerability in Samsung Electronics MagicINFO 9 Server allows Authentication Bypass.This issue affects MagicINFO 9 Server: less than 21.1080.0.
Severity
7.3 (High)
SSVC
Exploitation: none
Automatable: yes
Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
- CWE-287 - Improper Authentication
Assigner
References
1 reference
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| Samsung Electronics | MagicINFO 9 Server |
Affected:
21.1080.0
|
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-54452",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-07-23T14:52:41.783506Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-07-23T14:52:49.381Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "MagicINFO 9 Server",
"vendor": "Samsung Electronics",
"versions": [
{
"status": "affected",
"version": "21.1080.0"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Improper Authentication vulnerability in Samsung Electronics MagicINFO 9 Server allows Authentication Bypass.\u003cp\u003eThis issue affects MagicINFO 9 Server: less than 21.1080.0.\u003c/p\u003e"
}
],
"value": "Improper Authentication vulnerability in Samsung Electronics MagicINFO 9 Server allows Authentication Bypass.This issue affects MagicINFO 9 Server: less than 21.1080.0."
}
],
"impacts": [
{
"capecId": "CAPEC-115",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-115 Authentication Bypass"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 7.3,
"baseSeverity": "HIGH",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-287",
"description": "CWE-287 Improper Authentication",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-07-23T05:29:34.600Z",
"orgId": "ca193ba2-0cff-4e34-b04e-1ea07103c6fe",
"shortName": "samsung.tv_appliance"
},
"references": [
{
"url": "https://security.samsungtv.com/securityUpdates"
}
],
"source": {
"discovery": "UNKNOWN"
},
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "ca193ba2-0cff-4e34-b04e-1ea07103c6fe",
"assignerShortName": "samsung.tv_appliance",
"cveId": "CVE-2025-54452",
"datePublished": "2025-07-23T05:29:34.600Z",
"dateReserved": "2025-07-22T03:21:27.438Z",
"dateUpdated": "2025-07-23T14:52:49.381Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2025-54451 (GCVE-0-2025-54451)
Vulnerability from nvd – Published: 2025-07-23 05:29 – Updated: 2026-02-26 17:50
VLAI
Summary
Improper Control of Generation of Code ('Code Injection') vulnerability in Samsung Electronics MagicINFO 9 Server allows Code Injection.This issue affects MagicINFO 9 Server: less than 21.1080.0.
Severity
9.8 (Critical)
SSVC
Exploitation: none
Automatable: yes
Technical Impact: total
CISA Coordinator (v2.0.3)
CWE
- CWE-94 - Improper Control of Generation of Code ('Code Injection')
Assigner
References
1 reference
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| Samsung Electronics | MagicINFO 9 Server |
Affected:
21.1080.0
|
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-54451",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-07-30T03:55:51.744121Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-02-26T17:50:19.880Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "MagicINFO 9 Server",
"vendor": "Samsung Electronics",
"versions": [
{
"status": "affected",
"version": "21.1080.0"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Improper Control of Generation of Code (\u0027Code Injection\u0027) vulnerability in Samsung Electronics MagicINFO 9 Server allows Code Injection.\u003cp\u003eThis issue affects MagicINFO 9 Server: less than 21.1080.0.\u003c/p\u003e"
}
],
"value": "Improper Control of Generation of Code (\u0027Code Injection\u0027) vulnerability in Samsung Electronics MagicINFO 9 Server allows Code Injection.This issue affects MagicINFO 9 Server: less than 21.1080.0."
}
],
"impacts": [
{
"capecId": "CAPEC-242",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-242 Code Injection"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-94",
"description": "CWE-94 Improper Control of Generation of Code (\u0027Code Injection\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-07-23T05:29:06.803Z",
"orgId": "ca193ba2-0cff-4e34-b04e-1ea07103c6fe",
"shortName": "samsung.tv_appliance"
},
"references": [
{
"url": "https://security.samsungtv.com/securityUpdates"
}
],
"source": {
"discovery": "UNKNOWN"
},
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "ca193ba2-0cff-4e34-b04e-1ea07103c6fe",
"assignerShortName": "samsung.tv_appliance",
"cveId": "CVE-2025-54451",
"datePublished": "2025-07-23T05:29:06.803Z",
"dateReserved": "2025-07-22T03:21:27.438Z",
"dateUpdated": "2026-02-26T17:50:19.880Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2025-54450 (GCVE-0-2025-54450)
Vulnerability from nvd – Published: 2025-07-23 05:28 – Updated: 2026-02-26 17:50
VLAI
Summary
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in Samsung Electronics MagicINFO 9 Server allows Code Injection.This issue affects MagicINFO 9 Server: less than 21.1080.0.
Severity
7.2 (High)
SSVC
Exploitation: none
Automatable: no
Technical Impact: total
CISA Coordinator (v2.0.3)
CWE
- CWE-22 - Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
Assigner
References
1 reference
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| Samsung Electronics | MagicINFO 9 Server |
Affected:
21.1080.0
|
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-54450",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-07-30T03:55:49.326255Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-02-26T17:50:20.151Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "MagicINFO 9 Server",
"vendor": "Samsung Electronics",
"versions": [
{
"status": "affected",
"version": "21.1080.0"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Improper Limitation of a Pathname to a Restricted Directory (\u0027Path Traversal\u0027) vulnerability in Samsung Electronics MagicINFO 9 Server allows Code Injection.\u003cp\u003eThis issue affects MagicINFO 9 Server: less than 21.1080.0.\u003c/p\u003e"
}
],
"value": "Improper Limitation of a Pathname to a Restricted Directory (\u0027Path Traversal\u0027) vulnerability in Samsung Electronics MagicINFO 9 Server allows Code Injection.This issue affects MagicINFO 9 Server: less than 21.1080.0."
}
],
"impacts": [
{
"capecId": "CAPEC-242",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-242 Code Injection"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.2,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-22",
"description": "CWE-22 Improper Limitation of a Pathname to a Restricted Directory (\u0027Path Traversal\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-07-23T05:28:25.686Z",
"orgId": "ca193ba2-0cff-4e34-b04e-1ea07103c6fe",
"shortName": "samsung.tv_appliance"
},
"references": [
{
"url": "https://security.samsungtv.com/securityUpdates"
}
],
"source": {
"discovery": "UNKNOWN"
},
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "ca193ba2-0cff-4e34-b04e-1ea07103c6fe",
"assignerShortName": "samsung.tv_appliance",
"cveId": "CVE-2025-54450",
"datePublished": "2025-07-23T05:28:25.686Z",
"dateReserved": "2025-07-22T03:21:27.438Z",
"dateUpdated": "2026-02-26T17:50:20.151Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2025-54449 (GCVE-0-2025-54449)
Vulnerability from nvd – Published: 2025-07-23 05:27 – Updated: 2026-02-26 17:50
VLAI
Summary
Unrestricted Upload of File with Dangerous Type vulnerability in Samsung Electronics MagicINFO 9 Server allows Code Injection.This issue affects MagicINFO 9 Server: less than 21.1080.0.
Severity
9.8 (Critical)
SSVC
Exploitation: none
Automatable: yes
Technical Impact: total
CISA Coordinator (v2.0.3)
CWE
- CWE-434 - Unrestricted Upload of File with Dangerous Type
Assigner
References
1 reference
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| Samsung Electronics | MagicINFO 9 Server |
Affected:
21.1080.0
|
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-54449",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-07-30T03:55:48.455699Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-02-26T17:50:20.717Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "MagicINFO 9 Server",
"vendor": "Samsung Electronics",
"versions": [
{
"status": "affected",
"version": "21.1080.0"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Unrestricted Upload of File with Dangerous Type vulnerability in Samsung Electronics MagicINFO 9 Server allows Code Injection.\u003cp\u003eThis issue affects MagicINFO 9 Server: less than 21.1080.0.\u003c/p\u003e"
}
],
"value": "Unrestricted Upload of File with Dangerous Type vulnerability in Samsung Electronics MagicINFO 9 Server allows Code Injection.This issue affects MagicINFO 9 Server: less than 21.1080.0."
}
],
"impacts": [
{
"capecId": "CAPEC-242",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-242 Code Injection"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-434",
"description": "CWE-434 Unrestricted Upload of File with Dangerous Type",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-07-23T05:27:49.191Z",
"orgId": "ca193ba2-0cff-4e34-b04e-1ea07103c6fe",
"shortName": "samsung.tv_appliance"
},
"references": [
{
"url": "https://security.samsungtv.com/securityUpdates"
}
],
"source": {
"discovery": "UNKNOWN"
},
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "ca193ba2-0cff-4e34-b04e-1ea07103c6fe",
"assignerShortName": "samsung.tv_appliance",
"cveId": "CVE-2025-54449",
"datePublished": "2025-07-23T05:27:49.191Z",
"dateReserved": "2025-07-22T03:21:27.438Z",
"dateUpdated": "2026-02-26T17:50:20.717Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2025-54448 (GCVE-0-2025-54448)
Vulnerability from nvd – Published: 2025-07-23 05:31 – Updated: 2026-02-26 17:50
VLAI
Summary
Unrestricted Upload of File with Dangerous Type vulnerability in Samsung Electronics MagicINFO 9 Server allows Code Injection.This issue affects MagicINFO 9 Server: less than 21.1080.0.
Severity
9.8 (Critical)
SSVC
Exploitation: none
Automatable: yes
Technical Impact: total
CISA Coordinator (v2.0.3)
CWE
- CWE-434 - Unrestricted Upload of File with Dangerous Type
Assigner
References
1 reference
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| Samsung Electronics | MagicINFO 9 Server |
Affected:
21.1080.0
|
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-54448",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-07-30T03:55:58.413605Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-02-26T17:50:19.260Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "MagicINFO 9 Server",
"vendor": "Samsung Electronics",
"versions": [
{
"status": "affected",
"version": "21.1080.0"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Unrestricted Upload of File with Dangerous Type vulnerability in Samsung Electronics MagicINFO 9 Server allows Code Injection.\u003cp\u003eThis issue affects MagicINFO 9 Server: less than 21.1080.0.\u003c/p\u003e"
}
],
"value": "Unrestricted Upload of File with Dangerous Type vulnerability in Samsung Electronics MagicINFO 9 Server allows Code Injection.This issue affects MagicINFO 9 Server: less than 21.1080.0."
}
],
"impacts": [
{
"capecId": "CAPEC-242",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-242 Code Injection"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-434",
"description": "CWE-434 Unrestricted Upload of File with Dangerous Type",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-07-23T05:31:03.535Z",
"orgId": "ca193ba2-0cff-4e34-b04e-1ea07103c6fe",
"shortName": "samsung.tv_appliance"
},
"references": [
{
"url": "https://security.samsungtv.com/securityUpdates"
}
],
"source": {
"discovery": "UNKNOWN"
},
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "ca193ba2-0cff-4e34-b04e-1ea07103c6fe",
"assignerShortName": "samsung.tv_appliance",
"cveId": "CVE-2025-54448",
"datePublished": "2025-07-23T05:31:03.535Z",
"dateReserved": "2025-07-22T03:21:27.437Z",
"dateUpdated": "2026-02-26T17:50:19.260Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2025-54447 (GCVE-0-2025-54447)
Vulnerability from nvd – Published: 2025-07-23 05:32 – Updated: 2026-02-26 17:50
VLAI
Summary
Unrestricted Upload of File with Dangerous Type vulnerability in Samsung Electronics MagicINFO 9 Server allows Code Injection.This issue affects MagicINFO 9 Server: less than 21.1080.0.
Severity
8.1 (High)
SSVC
Exploitation: none
Automatable: no
Technical Impact: total
CISA Coordinator (v2.0.3)
CWE
- CWE-434 - Unrestricted Upload of File with Dangerous Type
Assigner
References
1 reference
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| Samsung Electronics | MagicINFO 9 Server |
Affected:
21.1080.0
|
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-54447",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-07-30T03:56:00.136367Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-02-26T17:50:18.871Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "MagicINFO 9 Server",
"vendor": "Samsung Electronics",
"versions": [
{
"status": "affected",
"version": "21.1080.0"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Unrestricted Upload of File with Dangerous Type vulnerability in Samsung Electronics MagicINFO 9 Server allows Code Injection.\u003cp\u003eThis issue affects MagicINFO 9 Server: less than 21.1080.0.\u003c/p\u003e"
}
],
"value": "Unrestricted Upload of File with Dangerous Type vulnerability in Samsung Electronics MagicINFO 9 Server allows Code Injection.This issue affects MagicINFO 9 Server: less than 21.1080.0."
}
],
"impacts": [
{
"capecId": "CAPEC-242",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-242 Code Injection"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.1,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-434",
"description": "CWE-434 Unrestricted Upload of File with Dangerous Type",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-07-23T05:32:57.073Z",
"orgId": "ca193ba2-0cff-4e34-b04e-1ea07103c6fe",
"shortName": "samsung.tv_appliance"
},
"references": [
{
"url": "https://security.samsungtv.com/securityUpdates"
}
],
"source": {
"discovery": "UNKNOWN"
},
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "ca193ba2-0cff-4e34-b04e-1ea07103c6fe",
"assignerShortName": "samsung.tv_appliance",
"cveId": "CVE-2025-54447",
"datePublished": "2025-07-23T05:32:57.073Z",
"dateReserved": "2025-07-22T03:20:53.245Z",
"dateUpdated": "2026-02-26T17:50:18.871Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2025-54446 (GCVE-0-2025-54446)
Vulnerability from nvd – Published: 2025-07-23 05:32 – Updated: 2026-02-26 17:50
VLAI
Summary
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in Samsung Electronics MagicINFO 9 Server allows Upload a Web Shell to a Web Server.This issue affects MagicINFO 9 Server: less than 21.1080.0
Severity
9.8 (Critical)
SSVC
Exploitation: none
Automatable: yes
Technical Impact: total
CISA Coordinator (v2.0.3)
CWE
- CWE-22 - Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
Assigner
References
1 reference
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| Samsung Electronics | MagicINFO 9 Server |
Affected:
21.1080.0
|
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-54446",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-07-30T03:55:59.259621Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-02-26T17:50:19.061Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "MagicINFO 9 Server",
"vendor": "Samsung Electronics",
"versions": [
{
"status": "affected",
"version": "21.1080.0"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Improper Limitation of a Pathname to a Restricted Directory (\u0027Path Traversal\u0027) vulnerability in Samsung Electronics MagicINFO 9 Server allows Upload a Web Shell to a Web Server.\u003cp\u003eThis issue affects MagicINFO 9 Server: less than 21.1080.0\u003c/p\u003e"
}
],
"value": "Improper Limitation of a Pathname to a Restricted Directory (\u0027Path Traversal\u0027) vulnerability in Samsung Electronics MagicINFO 9 Server allows Upload a Web Shell to a Web Server.This issue affects MagicINFO 9 Server: less than 21.1080.0"
}
],
"impacts": [
{
"capecId": "CAPEC-650",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-650 Upload a Web Shell to a Web Server"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-22",
"description": "CWE-22 Improper Limitation of a Pathname to a Restricted Directory (\u0027Path Traversal\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-07-23T05:32:00.428Z",
"orgId": "ca193ba2-0cff-4e34-b04e-1ea07103c6fe",
"shortName": "samsung.tv_appliance"
},
"references": [
{
"url": "https://security.samsungtv.com/securityUpdates"
}
],
"source": {
"discovery": "UNKNOWN"
},
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "ca193ba2-0cff-4e34-b04e-1ea07103c6fe",
"assignerShortName": "samsung.tv_appliance",
"cveId": "CVE-2025-54446",
"datePublished": "2025-07-23T05:32:00.428Z",
"dateReserved": "2025-07-22T03:20:53.245Z",
"dateUpdated": "2026-02-26T17:50:19.061Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-25203 (GCVE-0-2026-25203)
Vulnerability from cvelistv5 – Published: 2026-04-10 01:24 – Updated: 2026-04-14 03:55
VLAI
Summary
Samsung MagicINFO 9 Server Incorrect Default Permissions Local Privilege Escalation Vulnerability
This issue affects MagicINFO 9 Server: less than 21.1091.1.
Severity
7.8 (High)
SSVC
Exploitation: none
Automatable: no
Technical Impact: total
CISA Coordinator (v2.0.3)
CWE
- CWE-276 - Incorrect default permissions
Assigner
References
1 reference
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| Samsung Electronics | MagicINFO 9 Server |
Affected:
21.1091.1
|
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-25203",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-04-13T00:00:00+00:00",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-04-14T03:55:38.631Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "MagicINFO 9 Server",
"vendor": "Samsung Electronics",
"versions": [
{
"status": "affected",
"version": "21.1091.1"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cspan\u003eSamsung MagicINFO 9 Server Incorrect Default Permissions Local Privilege Escalation Vulnerability\u003c/span\u003e\n\n\u003cbr\u003e\u003cp\u003eThis issue affects MagicINFO 9 Server: less than 21.1091.1.\u003c/p\u003e"
}
],
"value": "Samsung MagicINFO 9 Server Incorrect Default Permissions Local Privilege Escalation Vulnerability\n\n\nThis issue affects MagicINFO 9 Server: less than 21.1091.1."
}
],
"impacts": [
{
"capecId": "CAPEC-233",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-233 Privilege Escalation"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-276",
"description": "CWE-276 Incorrect default permissions",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-04-10T01:24:07.308Z",
"orgId": "ca193ba2-0cff-4e34-b04e-1ea07103c6fe",
"shortName": "samsung.tv_appliance"
},
"references": [
{
"url": "https://security.samsungtv.com/securityUpdates"
}
],
"source": {
"discovery": "UNKNOWN"
},
"x_generator": {
"engine": "Vulnogram 0.5.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "ca193ba2-0cff-4e34-b04e-1ea07103c6fe",
"assignerShortName": "samsung.tv_appliance",
"cveId": "CVE-2026-25203",
"datePublished": "2026-04-10T01:24:07.308Z",
"dateReserved": "2026-01-30T06:07:11.090Z",
"dateUpdated": "2026-04-14T03:55:38.631Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-25202 (GCVE-0-2026-25202)
Vulnerability from cvelistv5 – Published: 2026-02-02 04:49 – Updated: 2026-02-26 15:04
VLAI
Summary
The database account and password are hardcoded, allowing login with the account to manipulate the database in MagicInfo9 Server.This issue affects MagicINFO 9 Server: less than 21.1090.1.
Severity
9.8 (Critical)
SSVC
Exploitation: none
Automatable: yes
Technical Impact: total
CISA Coordinator (v2.0.3)
CWE
- CWE-798 - Use of Hard-coded Credentials
Assigner
References
1 reference
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| Samsung Electronics | MagicINFO 9 Server |
Affected:
21.1090.1
|
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-25202",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-02-03T04:55:43.219952Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-02-26T15:04:39.986Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "MagicINFO 9 Server",
"vendor": "Samsung Electronics",
"versions": [
{
"status": "affected",
"version": "21.1090.1"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eThe database account and password are hardcoded, allowing login with the account to manipulate the database in MagicInfo9 Server.\u003c/span\u003e\u003cp\u003eThis issue affects MagicINFO 9 Server: less than 21.1090.1.\u003c/p\u003e"
}
],
"value": "The database account and password are hardcoded, allowing login with the account to manipulate the database in MagicInfo9 Server.This issue affects MagicINFO 9 Server: less than 21.1090.1."
}
],
"impacts": [
{
"capecId": "CAPEC-203",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-203 Manipulate Registry Information"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-798",
"description": "CWE-798 Use of Hard-coded Credentials",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-02-02T04:49:53.680Z",
"orgId": "ca193ba2-0cff-4e34-b04e-1ea07103c6fe",
"shortName": "samsung.tv_appliance"
},
"references": [
{
"url": "https://security.samsungtv.com/securityUpdates"
}
],
"source": {
"discovery": "UNKNOWN"
},
"x_generator": {
"engine": "Vulnogram 0.5.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "ca193ba2-0cff-4e34-b04e-1ea07103c6fe",
"assignerShortName": "samsung.tv_appliance",
"cveId": "CVE-2026-25202",
"datePublished": "2026-02-02T04:49:53.680Z",
"dateReserved": "2026-01-30T06:07:11.090Z",
"dateUpdated": "2026-02-26T15:04:39.986Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-25201 (GCVE-0-2026-25201)
Vulnerability from cvelistv5 – Published: 2026-02-02 04:49 – Updated: 2026-02-26 15:04
VLAI
Summary
An unauthenticated user can upload arbitrary files to execute remote code, leading to privilege escalation in MagicInfo9 Server.
This issue affects MagicINFO 9 Server: less than 21.1090.1.
Severity
8.8 (High)
SSVC
Exploitation: none
Automatable: no
Technical Impact: total
CISA Coordinator (v2.0.3)
CWE
- CWE-434 - Unrestricted Upload of File with Dangerous Type
Assigner
References
1 reference
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| Samsung Electronics | MagicINFO 9 Server |
Affected:
21.1090.1
|
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-25201",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-02-03T04:55:44.687003Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-02-26T15:04:40.332Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "MagicINFO 9 Server",
"vendor": "Samsung Electronics",
"versions": [
{
"status": "affected",
"version": "21.1090.1"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eAn unauthenticated user can upload arbitrary files to execute remote code, leading to privilege escalation in MagicInfo9 Server.\u003c/span\u003e\u003cbr\u003e\u003cp\u003eThis issue affects MagicINFO 9 Server: less than 21.1090.1.\u003c/p\u003e"
}
],
"value": "An unauthenticated user can upload arbitrary files to execute remote code, leading to privilege escalation in MagicInfo9 Server.\nThis issue affects MagicINFO 9 Server: less than 21.1090.1."
}
],
"impacts": [
{
"capecId": "CAPEC-233",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-233 Privilege Escalation"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-434",
"description": "CWE-434 Unrestricted Upload of File with Dangerous Type",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-02-02T04:49:38.016Z",
"orgId": "ca193ba2-0cff-4e34-b04e-1ea07103c6fe",
"shortName": "samsung.tv_appliance"
},
"references": [
{
"url": "https://security.samsungtv.com/securityUpdates"
}
],
"source": {
"discovery": "UNKNOWN"
},
"x_generator": {
"engine": "Vulnogram 0.5.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "ca193ba2-0cff-4e34-b04e-1ea07103c6fe",
"assignerShortName": "samsung.tv_appliance",
"cveId": "CVE-2026-25201",
"datePublished": "2026-02-02T04:49:38.016Z",
"dateReserved": "2026-01-30T06:07:11.090Z",
"dateUpdated": "2026-02-26T15:04:40.332Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-25200 (GCVE-0-2026-25200)
Vulnerability from cvelistv5 – Published: 2026-02-02 04:49 – Updated: 2026-02-26 15:04
VLAI
Summary
A vulnerability in MagicInfo9 Server allows authorized users to upload HTML files without authentication, leading to Stored XSS, which can result in account takeover
This issue affects MagicINFO 9 Server: less than 21.1090.1.
Severity
9.8 (Critical)
SSVC
Exploitation: none
Automatable: yes
Technical Impact: total
CISA Coordinator (v2.0.3)
CWE
- CWE-434 - Unrestricted Upload of File with Dangerous Type
Assigner
References
1 reference
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| Samsung Electronics | MagicINFO 9 Server |
Affected:
21.1090.1
|
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-25200",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-02-03T04:55:46.300163Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-02-26T15:04:40.615Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "MagicINFO 9 Server",
"vendor": "Samsung Electronics",
"versions": [
{
"status": "affected",
"version": "21.1090.1"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eA vulnerability in MagicInfo9 Server allows authorized users to upload HTML files without authentication, leading to Stored XSS, which can result in account takeover\u003c/span\u003e\n\n\u003cbr\u003e\u003cp\u003eThis issue affects MagicINFO 9 Server: less than 21.1090.1.\u003c/p\u003e"
}
],
"value": "A vulnerability in MagicInfo9 Server allows authorized users to upload HTML files without authentication, leading to Stored XSS, which can result in account takeover\n\n\nThis issue affects MagicINFO 9 Server: less than 21.1090.1."
}
],
"impacts": [
{
"capecId": "CAPEC-63",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-63 Cross-Site Scripting (XSS)"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-434",
"description": "CWE-434 Unrestricted Upload of File with Dangerous Type",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-02-02T04:49:13.086Z",
"orgId": "ca193ba2-0cff-4e34-b04e-1ea07103c6fe",
"shortName": "samsung.tv_appliance"
},
"references": [
{
"url": "https://security.samsungtv.com/securityUpdates"
}
],
"source": {
"discovery": "UNKNOWN"
},
"x_generator": {
"engine": "Vulnogram 0.5.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "ca193ba2-0cff-4e34-b04e-1ea07103c6fe",
"assignerShortName": "samsung.tv_appliance",
"cveId": "CVE-2026-25200",
"datePublished": "2026-02-02T04:49:13.086Z",
"dateReserved": "2026-01-30T06:07:11.090Z",
"dateUpdated": "2026-02-26T15:04:40.615Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2025-53082 (GCVE-0-2025-53082)
Vulnerability from cvelistv5 – Published: 2025-07-29 05:08 – Updated: 2025-07-29 14:37
VLAI
Summary
An 'Arbitrary File Deletion' in Samsung DMS(Data Management Server) allows attackers to delete arbitrary files from unintended locations on the filesystem. Exploitation is restricted to specific, authorized private IP addresses.
Severity
6.1 (Medium)
SSVC
Exploitation: none
Automatable: no
Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
- CWE-23 - Relative Path Traversal
Assigner
References
1 reference
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| Samsung Electronics | Data Management Server |
Affected:
2.0.0 , < 2.3.13.1
(custom)
Affected: 2.5.0.17 , < 2.6.14.1 (custom) Affected: 2.7.0.15 , < 2.9.3.6 (custom) |
Date Public
2025-07-29 03:00
Credits
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-53082",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-07-29T14:37:17.859033Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-07-29T14:37:47.223Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Data Management Server",
"vendor": "Samsung Electronics",
"versions": [
{
"lessThan": "2.3.13.1",
"status": "affected",
"version": "2.0.0",
"versionType": "custom"
},
{
"lessThan": "2.6.14.1",
"status": "affected",
"version": "2.5.0.17",
"versionType": "custom"
},
{
"lessThan": "2.9.3.6",
"status": "affected",
"version": "2.7.0.15",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Noam Moshe of Claroty Team82"
}
],
"datePublic": "2025-07-29T03:00:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "An \u0027Arbitrary File Deletion\u0027 in Samsung DMS(Data Management Server) allows attackers to delete arbitrary files from unintended locations on the filesystem. Exploitation is restricted to specific, authorized private IP addresses."
}
],
"value": "An \u0027Arbitrary File Deletion\u0027 in Samsung DMS(Data Management Server) allows attackers to delete arbitrary files from unintended locations on the filesystem. Exploitation is restricted to specific, authorized private IP addresses."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "PHYSICAL",
"availabilityImpact": "HIGH",
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-23",
"description": "CWE-23 Relative Path Traversal",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-07-29T05:08:25.846Z",
"orgId": "ca193ba2-0cff-4e34-b04e-1ea07103c6fe",
"shortName": "samsung.tv_appliance"
},
"references": [
{
"url": "https://security.samsungda.com/securityUpdates.html"
}
],
"source": {
"discovery": "UNKNOWN"
},
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "ca193ba2-0cff-4e34-b04e-1ea07103c6fe",
"assignerShortName": "samsung.tv_appliance",
"cveId": "CVE-2025-53082",
"datePublished": "2025-07-29T05:08:25.846Z",
"dateReserved": "2025-06-24T23:17:22.557Z",
"dateUpdated": "2025-07-29T14:37:47.223Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2025-53081 (GCVE-0-2025-53081)
Vulnerability from cvelistv5 – Published: 2025-07-29 05:06 – Updated: 2025-07-29 14:39
VLAI
Summary
An 'Arbitrary File Creation' in Samsung DMS(Data Management Server) allows attackers to create arbitrary files in unintended locations on the filesystem. Exploitation is restricted to specific, authorized private IP addresses.
Severity
6.4 (Medium)
SSVC
Exploitation: none
Automatable: no
Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
- CWE-22 - Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
Assigner
References
1 reference
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| Samsung Electronics | Data Management Server |
Affected:
2.0.0 , < 2.3.13.1
(custom)
Affected: 2.5.0.17 , < 2.6.14.1 (custom) Affected: 2.7.0.15 , < 2.9.3.6 (custom) |
Date Public
2025-07-29 03:00
Credits
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-53081",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-07-29T14:38:37.870302Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-07-29T14:39:26.258Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Data Management Server",
"vendor": "Samsung Electronics",
"versions": [
{
"lessThan": "2.3.13.1",
"status": "affected",
"version": "2.0.0",
"versionType": "custom"
},
{
"lessThan": "2.6.14.1",
"status": "affected",
"version": "2.5.0.17",
"versionType": "custom"
},
{
"lessThan": "2.9.3.6",
"status": "affected",
"version": "2.7.0.15",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Noam Moshe of Claroty Team82"
}
],
"datePublic": "2025-07-29T03:00:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "An \u0027Arbitrary File Creation\u0027 in Samsung DMS(Data Management Server) allows attackers to create arbitrary files in unintended locations on the filesystem. Exploitation is restricted to specific, authorized private IP addresses."
}
],
"value": "An \u0027Arbitrary File Creation\u0027 in Samsung DMS(Data Management Server) allows attackers to create arbitrary files in unintended locations on the filesystem. Exploitation is restricted to specific, authorized private IP addresses."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "PHYSICAL",
"availabilityImpact": "HIGH",
"baseScore": 6.4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:L/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-22",
"description": "CWE-22 Improper Limitation of a Pathname to a Restricted Directory (\u0027Path Traversal\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-07-29T05:08:56.100Z",
"orgId": "ca193ba2-0cff-4e34-b04e-1ea07103c6fe",
"shortName": "samsung.tv_appliance"
},
"references": [
{
"url": "https://security.samsungda.com/securityUpdates.html"
}
],
"source": {
"discovery": "UNKNOWN"
},
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "ca193ba2-0cff-4e34-b04e-1ea07103c6fe",
"assignerShortName": "samsung.tv_appliance",
"cveId": "CVE-2025-53081",
"datePublished": "2025-07-29T05:06:47.194Z",
"dateReserved": "2025-06-24T23:17:22.557Z",
"dateUpdated": "2025-07-29T14:39:26.258Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2025-53080 (GCVE-0-2025-53080)
Vulnerability from cvelistv5 – Published: 2025-07-29 05:05 – Updated: 2025-07-29 14:44
VLAI
Summary
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') in Samsung DMS(Data Management Server) allows authenticated attackers to create arbitrary files in unintended locations on the filesystem
Severity
7.1 (High)
SSVC
Exploitation: none
Automatable: no
Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
- CWE-22 - Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
Assigner
References
1 reference
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| Samsung Electronics | Data Management Server |
Affected:
2.0.0 , < 2.3.13.1
(custom)
Affected: 2.5.0.17 , < 2.6.14.1 (custom) Affected: 2.7.0.15 , < 2.9.3.6 (custom) |
Date Public
2025-07-29 03:00
Credits
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-53080",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-07-29T14:44:19.342107Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-07-29T14:44:48.824Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Data Management Server",
"vendor": "Samsung Electronics",
"versions": [
{
"lessThan": "2.3.13.1",
"status": "affected",
"version": "2.0.0",
"versionType": "custom"
},
{
"lessThan": "2.6.14.1",
"status": "affected",
"version": "2.5.0.17",
"versionType": "custom"
},
{
"lessThan": "2.9.3.6",
"status": "affected",
"version": "2.7.0.15",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Noam Moshe of Claroty Team82"
}
],
"datePublic": "2025-07-29T03:00:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Improper Limitation of a Pathname to a Restricted Directory (\u0027Path Traversal\u0027) in Samsung DMS(Data Management Server) allows authenticated attackers to create arbitrary files in unintended locations on the filesystem"
}
],
"value": "Improper Limitation of a Pathname to a Restricted Directory (\u0027Path Traversal\u0027) in Samsung DMS(Data Management Server) allows authenticated attackers to create arbitrary files in unintended locations on the filesystem"
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.1,
"baseSeverity": "HIGH",
"confidentialityImpact": "LOW",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-22",
"description": "CWE-22 Improper Limitation of a Pathname to a Restricted Directory (\u0027Path Traversal\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-07-29T05:05:14.690Z",
"orgId": "ca193ba2-0cff-4e34-b04e-1ea07103c6fe",
"shortName": "samsung.tv_appliance"
},
"references": [
{
"url": "https://security.samsungda.com/securityUpdates.html"
}
],
"source": {
"discovery": "UNKNOWN"
},
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "ca193ba2-0cff-4e34-b04e-1ea07103c6fe",
"assignerShortName": "samsung.tv_appliance",
"cveId": "CVE-2025-53080",
"datePublished": "2025-07-29T05:05:14.690Z",
"dateReserved": "2025-06-24T23:17:22.557Z",
"dateUpdated": "2025-07-29T14:44:48.824Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2025-53079 (GCVE-0-2025-53079)
Vulnerability from cvelistv5 – Published: 2025-07-29 05:04 – Updated: 2025-07-29 14:51
VLAI
Summary
Absolute Path Traversal in Samsung DMS(Data Management Server) allows authenticated attacker (Administrator) to read sensitive files
Severity
4.9 (Medium)
SSVC
Exploitation: none
Automatable: no
Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
- CWE-36 - Absolute Path Traversal
Assigner
References
1 reference
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| Samsung Electronics | Data Management Server |
Affected:
2.0.0 , < 2.3.13.1
(custom)
Affected: 2.5.0.17 , < 2.6.14.1 (custom) Affected: 2.7.0.15 , < 2.9.3.6 (custom) |
Date Public
2025-07-29 03:00
Credits
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-53079",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-07-29T14:49:55.925035Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-07-29T14:51:16.460Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Data Management Server",
"vendor": "Samsung Electronics",
"versions": [
{
"lessThan": "2.3.13.1",
"status": "affected",
"version": "2.0.0",
"versionType": "custom"
},
{
"lessThan": "2.6.14.1",
"status": "affected",
"version": "2.5.0.17",
"versionType": "custom"
},
{
"lessThan": "2.9.3.6",
"status": "affected",
"version": "2.7.0.15",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Noam Moshe of Claroty Team82"
}
],
"datePublic": "2025-07-29T03:00:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Absolute Path Traversal in Samsung DMS(Data Management Server) allows authenticated attacker (Administrator) to read sensitive files"
}
],
"value": "Absolute Path Traversal in Samsung DMS(Data Management Server) allows authenticated attacker (Administrator) to read sensitive files"
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.9,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-36",
"description": "CWE-36 Absolute Path Traversal",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-07-29T05:04:48.482Z",
"orgId": "ca193ba2-0cff-4e34-b04e-1ea07103c6fe",
"shortName": "samsung.tv_appliance"
},
"references": [
{
"url": "https://security.samsungda.com/securityUpdates.html"
}
],
"source": {
"discovery": "UNKNOWN"
},
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "ca193ba2-0cff-4e34-b04e-1ea07103c6fe",
"assignerShortName": "samsung.tv_appliance",
"cveId": "CVE-2025-53079",
"datePublished": "2025-07-29T05:04:48.482Z",
"dateReserved": "2025-06-24T23:17:22.556Z",
"dateUpdated": "2025-07-29T14:51:16.460Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2025-53078 (GCVE-0-2025-53078)
Vulnerability from cvelistv5 – Published: 2025-07-29 05:04 – Updated: 2025-07-29 15:02
VLAI
Summary
Deserialization of Untrusted Data in Samsung DMS(Data Management Server) allows attackers to execute arbitrary code via write file to system
Severity
SSVC
Exploitation: none
Automatable: no
Technical Impact: total
CISA Coordinator (v2.0.3)
CWE
- CWE-502 - Deserialization of Untrusted Data
Assigner
References
1 reference
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| Samsung Electronics | Data Management Server |
Affected:
2.0.0 , < 2.3.13.1
(custom)
Affected: 2.5.0.17 , < 2.6.14.1 (custom) Affected: 2.7.0.15 , < 2.9.3.6 (custom) |
Date Public
2025-07-29 03:00
Credits
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-53078",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-07-29T15:01:11.042631Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-07-29T15:02:48.207Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Data Management Server",
"vendor": "Samsung Electronics",
"versions": [
{
"lessThan": "2.3.13.1",
"status": "affected",
"version": "2.0.0",
"versionType": "custom"
},
{
"lessThan": "2.6.14.1",
"status": "affected",
"version": "2.5.0.17",
"versionType": "custom"
},
{
"lessThan": "2.9.3.6",
"status": "affected",
"version": "2.7.0.15",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Noam Moshe of Claroty Team82"
}
],
"datePublic": "2025-07-29T03:00:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Deserialization of Untrusted Data in Samsung DMS(Data Management Server) allows attackers to execute arbitrary code via write file to system"
}
],
"value": "Deserialization of Untrusted Data in Samsung DMS(Data Management Server) allows attackers to execute arbitrary code via write file to system"
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-502",
"description": "CWE-502 Deserialization of Untrusted Data",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-07-29T05:04:18.477Z",
"orgId": "ca193ba2-0cff-4e34-b04e-1ea07103c6fe",
"shortName": "samsung.tv_appliance"
},
"references": [
{
"url": "https://security.samsungda.com/securityUpdates.html"
}
],
"source": {
"discovery": "UNKNOWN"
},
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "ca193ba2-0cff-4e34-b04e-1ea07103c6fe",
"assignerShortName": "samsung.tv_appliance",
"cveId": "CVE-2025-53078",
"datePublished": "2025-07-29T05:04:18.477Z",
"dateReserved": "2025-06-24T23:17:22.556Z",
"dateUpdated": "2025-07-29T15:02:48.207Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2025-53077 (GCVE-0-2025-53077)
Vulnerability from cvelistv5 – Published: 2025-07-29 05:03 – Updated: 2025-07-29 15:06
VLAI
Summary
An execution after redirect in Samsung DMS(Data Management Server) allows attackers to execute limited functions without permissions. An attacker could compromise the integrity of the platform by executing this vulnerability.
Severity
6.5 (Medium)
SSVC
Exploitation: none
Automatable: yes
Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
- CWE-698 - Execution After Redirect (EAR)
Assigner
References
1 reference
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| Samsung Electronics | DMS(Data Management Server) |
Affected:
2.0.0 , < 2.3.13.1
(custom)
Affected: 2.5.0.17 , < 2.6.14.1 (custom) Affected: 2.7.0.15 , < 2.9.3.6 (custom) |
Date Public
2025-07-29 05:00
Credits
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-53077",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-07-29T15:06:15.557705Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-07-29T15:06:50.737Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "DMS(Data Management Server)",
"vendor": "Samsung Electronics",
"versions": [
{
"lessThan": "2.3.13.1",
"status": "affected",
"version": "2.0.0",
"versionType": "custom"
},
{
"lessThan": "2.6.14.1",
"status": "affected",
"version": "2.5.0.17",
"versionType": "custom"
},
{
"lessThan": "2.9.3.6",
"status": "affected",
"version": "2.7.0.15",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Noam Moshe of Claroty Team82"
}
],
"datePublic": "2025-07-29T05:00:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "An execution after redirect in Samsung DMS(Data Management Server) allows attackers to execute limited functions without permissions. An attacker could compromise the integrity of the platform by executing this vulnerability."
}
],
"value": "An execution after redirect in Samsung DMS(Data Management Server) allows attackers to execute limited functions without permissions. An attacker could compromise the integrity of the platform by executing this vulnerability."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-698",
"description": "CWE-698 Execution After Redirect (EAR)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-07-29T05:03:41.034Z",
"orgId": "ca193ba2-0cff-4e34-b04e-1ea07103c6fe",
"shortName": "samsung.tv_appliance"
},
"references": [
{
"url": "https://security.samsungda.com/securityUpdates.html"
}
],
"source": {
"discovery": "UNKNOWN"
},
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "ca193ba2-0cff-4e34-b04e-1ea07103c6fe",
"assignerShortName": "samsung.tv_appliance",
"cveId": "CVE-2025-53077",
"datePublished": "2025-07-29T05:03:41.034Z",
"dateReserved": "2025-06-24T23:17:22.556Z",
"dateUpdated": "2025-07-29T15:06:50.737Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}