Tech News

Samsung Patches CVE-2025-4632 Used to Deploy Mirai Botnet via MagicINFO 9 Exploit

By Viral Trending Content 3 Min Read

May 14, 2025Ravie LakshmananVulnerability / Malware

Samsung has released software updates to address a critical security flaw in MagicINFO 9 Server that has been actively exploited in the wild.

The vulnerability, tracked as CVE-2025-4632 (CVSS score: 9.8), has been described as a path traversal flaw.

“Improper limitation of a pathname to a restricted directory vulnerability in Samsung MagicINFO 9 Server version before 21.1052 allows attackers to write arbitrary files as system authority,” according to an advisory for the flaw.

Cybersecurity

It’s worth noting that CVE-2025-4632 is a patch bypass for CVE-2024-7399, another path traversal flaw in the same product that was patched by Samsung in August 2024.

CVE-2025-4632 has since been exploited in the wild shortly after the release of a proof-of-concept (PoC) by SSD Disclosure on April 30, 2025, in some instances to even deploy the Mirai botnet.

While it was initially assumed that the attacks were targeting CVE-2024-7399, cybersecurity company Huntress first revealed the existence of an unpatched vulnerability last week after finding signs of exploitation even on MagicINFO 9 Server instances running the latest version (21.1050).

In a follow-up report published on May 9, Huntress revealed that three separate incidents that involved the exploitation of CVE-2025-4632, with unidentified actors running an identical set of commands to download additional payloads like “srvany.exe” and “services.exe” on two hosts and executing reconnaissance commands on the third.

Users of the Samsung MagicINFO 9 Server are recommended to apply the latest fixes as soon as possible to safeguard against potential threats.

Cybersecurity

“We have verified that MagicINFO 9 21.1052.0 does mitigate the original issue raised in CVE-2025-4632,” Jamie Levy, director of adversary tactics at Huntress, told The Hacker News.

“Any machine that has versions v8 – v9 21.1050.0 will still be affected by this vulnerability. We’ve also discovered that upgrading from MagicINFO v8 to v9 21.1052.0 is not as straightforward since you have to first upgrade to 21.1050.0 before applying the final patch.”

Found this article interesting? Follow us on Twitter and LinkedIn to read more exclusive content we post.

You Might Also Like

AirPods Pro 3 Leak: New ‘Visual Intelligence’ Cameras Revealed

Critical flaw in Protobuf library enables JavaScript code execution

Google Pixel Glow Designs Shown by Gemini

Old Oil and Gas Wells Could Find Second Life Producing Clean Energy

NIST to stop rating non-priority flaws due to volume increase

TAGGED: , , , , , , , , ,
Share This Article
Previous Article Pak conflict: Indian QSR stock with Turkey ops in crossfire amid boycott calls
Next Article Celtic score five again as they thrash Aberdeen
Leave a comment

Leave a Reply

Your email address will not be published. Required fields are marked *

- Advertisement -

Latest News

AirPods Pro 3 Leak: New ‘Visual Intelligence’ Cameras Revealed
Tech News
Critical flaw in Protobuf library enables JavaScript code execution
Tech News
Raducanu in line for Keys clash as Brit prepares for first clay tournament of 2026
Sports
DOJ accuses Yale of discriminating against Asian, white students with ‘race-based admissions program’
Business
Libya football riots spread to Tripoli as fans torch government building
World News
OpenAI partners with Malta to give all citizens free ChatGPT Plus access
Crypto
Crypto ATM Giant Bitcoin Depot Warns Of Possible Collapse
Crypto
Lost your password?