
Attackers Target Samsung MagicINFO Server Bug, Patch Now

  • May 15, 2025

Jasper_The_Rasper
Moderator

CVE-2025-4632, a patch bypass for a Samsung MagicINFO 9 Server vulnerability disclosed last year, has been exploited by threat actors in the wild.

 

May 15, 2025 By Alexander Culafi


Threat actors are exploiting a vulnerability in Samsung's digital signage management product, MagicINFO 9 Server.

On April 30, a proof-of-concept (POC) exploit was published for CVE-2025-4632, a vulnerability impacting current versions of Samsung MagicINFO 9 Server, a content and device management tool used to run digital display signage for organizations. The POC works against versions that were patched for CVE-2024-7399, a restricted directory vulnerability disclosed and fixed last year, up to and including version 21.1050.

The National Vulnerability Database describes CVE-2025-4632 as follows: "Improper limitation of a pathname to a restricted directory vulnerability in Samsung MagicINFO 9 Server version before 21.1052 allows attackers to write arbitrary file as system authority." The critical vulnerability was assigned a base CVSS 3.1 score of 9.8, one of the highest scores possible.
