CVE-2025-54450

7.2 HIGH

📋 TL;DR

This path traversal (improper limitation of a pathname to a restricted directory) flaw in Samsung MagicINFO 9 Server lets an attacker supply file paths that escape the directory the server intends to confine them to; as described here, that can be used to plant malicious code on the host. It affects every MagicINFO 9 Server installation running a version below 21.1080.0 and can lead to compromise of the entire server.

💻 Affected Systems

Products:
  • Samsung MagicINFO 9 Server
Versions: All versions less than 21.1080.0
Operating Systems: Windows Server (typically)
Default Config Vulnerable: ⚠️ Yes
Notes: MagicINFO is typically deployed on Windows Server environments for digital signage management

📦 What is this software?

Samsung MagicINFO 9 Server is the server-side management platform for Samsung digital signage displays (content scheduling, publishing and device management). It is typically deployed on Windows Server, as noted above, and the displays it manages connect back to it over HTTP(S).

⚠️ Risk & Real-World Impact

🔴

Worst Case

Full server compromise leading to remote code execution, data theft, and lateral movement within the network

🟠

Likely Case

Unauthorized file access, configuration modification, and potential code execution on the MagicINFO server

🟢

If Mitigated

Traversal attempts are rejected by the patched server's input validation (or stopped at the network or WAF layer before they reach the application) and never touch the filesystem

🌐 Internet-Facing: HIGH - MagicINFO servers are often reachable from the Internet so that distributed signage displays can check in
🏢 Internal Only: MEDIUM - an attacker who already has network access to the server (for example from the segment the displays sit on) can still exploit it

🎯 Exploit Status

Public PoC: No (none known at the time of writing)
Weaponized: UNKNOWN
Unauthenticated Exploit: ⚠️ Yes (as listed here; note that a 7.2 base score is more typical of a vector that requires privileges, so confirm the published CVSS vector before prioritizing on this point alone)
Complexity: LOW

Path traversal vulnerabilities typically have low exploitation complexity once the vulnerable endpoint and parameter are identified: the attacker only has to substitute a crafted path, and encoded variants defeat naive filters

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: 21.1080.0 or later

Vendor Advisory: https://security.samsungtv.com/securityUpdates

Restart Required: Yes

Instructions:

1. Download MagicINFO 9 Server version 21.1080.0 or later from Samsung's official portal.
2. Back up the current configuration and data.
3. Run the installer to upgrade.
4. Restart the server and verify functionality.

🔧 Temporary Workarounds

Network Segmentation

Applies to: all deployments

Restrict network access to the MagicINFO server to trusted management hosts and the signage displays that must reach it; do not expose the web interface directly to the Internet

Web Application Firewall Rules

Applies to: all deployments

Block path traversal patterns in web requests before they reach the application

WAF rule to block requests containing '../', '..\', or similar traversal sequences. The rule must inspect the URL-decoded request (including a second decode for double-encoded forms such as %252e%252e%252f) and treat backslashes like forward slashes, since the server is typically on Windows; a match on the literal string '../' alone is trivially bypassed. This is a stopgap until the upgrade is applied.

🧯 If You Can't Patch

  • Implement strict network access controls to limit who can reach the MagicINFO server
  • Run the MagicINFO service under a dedicated low-privilege account so that a write outside its intended directory cannot land in system locations
  • Monitor for suspicious file access patterns and directory traversal attempts (plain and percent-encoded) in server and web access logs

🔍 How to Verify

Check if Vulnerable:

Check the MagicINFO Server version in the application's About dialog or under Windows Programs and Features; any version below 21.1080.0 is affected

Check Version:

The About dialog is authoritative. The Windows registry value HKEY_LOCAL_MACHINE\SOFTWARE\Samsung\MagicINFO\Version is an alternative source where present; on 64-bit Windows a 32-bit installer may record it under SOFTWARE\WOW6432Node instead, and the value may not exist on every build, so treat it as a convenience rather than proof. Compare versions numerically, not as strings (21.990.0 is older than 21.1080.0 even though it sorts after it lexically)

Verify Fix Applied:

Confirm the version is 21.1080.0 or higher, then send a benign traversal request (for example a path containing ../ and its percent-encoded form %2e%2e%2f) against a test instance and confirm it is rejected rather than served
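As an added example (not code from this page or from Samsung), a Python helper that does the version comparison numerically and, on Windows, tries to read the registry value named above. The registry layout it assumes (a "Version" value under SOFTWARE\Samsung\MagicINFO, with the WOW6432Node path as a fallback) is an assumption, so a None result means fall back to the About dialog:

```python
import re
from typing import Optional, Tuple

# Version that closes CVE-2025-54450 according to the advisory above.
FIXED_VERSION = "21.1080.0"

# Registry locations to try. The first is the key named on this page (treated
# here as a value called "Version" under SOFTWARE\Samsung\MagicINFO, which is
# an assumption); the second is where a 32-bit installer lands on 64-bit Windows.
REGISTRY_KEYS = (
    r"SOFTWARE\Samsung\MagicINFO",
    r"SOFTWARE\WOW6432Node\Samsung\MagicINFO",
)


def parse_version(text: str) -> Tuple[int, ...]:
    """Extract the first dotted number from text and return it as an int tuple.

    Comparing tuples avoids the lexical trap where the string '21.990.0'
    sorts after '21.1080.0' even though 990 < 1080.
    """
    m = re.search(r"\d+(?:\.\d+)+", text)
    if not m:
        raise ValueError(f"no version number found in {text!r}")
    return tuple(int(part) for part in m.group(0).split("."))


def is_vulnerable(version: str, fixed: str = FIXED_VERSION) -> bool:
    """True for any build strictly older than the fixed version.

    Both tuples are zero-padded to the same length so that '21.1080' and
    '21.1080.0' compare equal instead of the shorter one sorting first.
    """
    have, want = parse_version(version), parse_version(fixed)
    width = max(len(have), len(want))
    have = have + (0,) * (width - len(have))
    want = want + (0,) * (width - len(want))
    return have < want


def registry_version() -> Optional[str]:
    """Windows only: read the installed version from the registry.

    Returns None on non-Windows hosts or when no known key/value exists, so
    the caller can fall back to the About dialog or Programs and Features.
    """
    try:
        import winreg
    except ImportError:
        return None
    for path in REGISTRY_KEYS:
        try:
            with winreg.OpenKey(winreg.HKEY_LOCAL_MACHINE, path) as key:
                value, _ = winreg.QueryValueEx(key, "Version")
                return str(value)
        except OSError:
            continue
    return None


if __name__ == "__main__":
    found = registry_version()
    if found is None:
        print("version not found in registry; read it from the About dialog "
              "and pass it to is_vulnerable()")
    else:
        state = "VULNERABLE" if is_vulnerable(found) else "patched"
        print(f"MagicINFO Server {found}: {state} (fixed in {FIXED_VERSION})")
```

parse_version() accepts the whole About-dialog string, so pasting "MagicINFO Server 21.1050.0" works without trimming.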

📡 Detection & Monitoring

Log Indicators:

  • HTTP requests whose target contains '../' or '..\', or percent-encoded forms such as %2e%2e%2f, %2e%2e%5c and the double-encoded %252e%252e%252f
  • File reads or writes by the MagicINFO service outside its content and configuration directories

Network Indicators:

  • HTTP requests carrying traversal payloads to MagicINFO endpoints (match on the raw, undecoded URI as well as the decoded one)
  • Unexpected outbound connections from the MagicINFO server, which would suggest post-exploitation activity

SIEM Query:

source="magicinfo_logs" AND (http_uri="*../*" OR http_uri="*..\\*" OR http_uri="*%2e%2e*" OR http_uri="*%2E%2E*" OR http_uri="*%252e%252e*")

Run the match on the URI field before any decoding so the encoded terms are meaningful; if your pipeline decodes once at ingest, a double-encoded payload arrives as %2e%2e and is still caught by the third term.
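The WAF rule and the log indicators above need the same normalisation, so one added example (not code from this page or from Samsung) covers both: a Python scanner that percent-decodes the request target repeatedly, folds backslashes to slashes, flags dot-dot segments while ignoring legitimate names like "..thumbs", and runs over constructed access-log lines. The request paths and parameter names in the sample are hypothetical, not real MagicINFO endpoints:

```python
import re
from typing import List, Tuple
from urllib.parse import unquote

# Combined-format access log lines, CONSTRUCTED for this example.
# The request paths and parameter names are hypothetical, not real
# MagicINFO endpoints.
SAMPLE_LOG = """\
10.0.0.5 - - [12/Aug/2025:10:01:02 +0000] "GET /MagicInfo/login.htm HTTP/1.1" 200 5120
10.0.0.9 - - [12/Aug/2025:10:01:07 +0000] "GET /MagicInfo/servlet/download?path=../../../windows/win.ini HTTP/1.1" 200 420
10.0.0.9 - - [12/Aug/2025:10:01:09 +0000] "GET /MagicInfo/servlet/download?path=..%2F..%2F..%2Fwindows%2Fwin.ini HTTP/1.1" 200 420
10.0.0.9 - - [12/Aug/2025:10:01:11 +0000] "GET /MagicInfo/servlet/download?path=%252e%252e%255c%252e%252e%255cconfig.xml HTTP/1.1" 200 410
10.0.0.7 - - [12/Aug/2025:10:01:20 +0000] "GET /MagicInfo/content/..thumbs/a.png HTTP/1.1" 200 9000
"""

LOG_RE = re.compile(r'^(\S+) \S+ \S+ \[[^\]]+\] "(\S+) (\S+) [^"]*" (\d{3})')

# A dot-dot segment: ".." not glued to a preceding word character or dot, and
# followed by a separator or the end of the string. "..thumbs" and "a..b" are
# ordinary names and must not match.
TRAVERSAL_RE = re.compile(r"(?<![\w.])\.\.(?:/|$)")


def normalise_path(raw: str, max_rounds: int = 3) -> str:
    """Undo the encodings an attacker uses to slip past a naive '../' filter.

    Percent-decoding is repeated until the string stops changing (bounded, so
    pathological input cannot loop forever), which catches double encoding
    such as %252e%252e. Backslashes are folded to '/' because the server is
    typically on Windows, where '..\\' traverses just like '../'.
    Overlong UTF-8 forms such as %c0%ae are NOT decoded by unquote(); treat
    them as a known gap and alert on the raw bytes separately.
    """
    s = raw
    for _ in range(max_rounds):
        decoded = unquote(s)
        if decoded == s:
            break
        s = decoded
    return s.replace("\\", "/")


def is_traversal(uri: str) -> bool:
    """True when the normalised request target contains a dot-dot segment.

    The same predicate is what a WAF rule has to implement: decode first,
    then match, rather than matching the literal '../' on the wire.
    """
    return TRAVERSAL_RE.search(normalise_path(uri)) is not None


def scan_log(text: str) -> List[Tuple[str, str, str]]:
    """Return (client_ip, method, raw_uri) for every request that looks like a
    traversal attempt. Lines that do not parse are skipped."""
    hits = []
    for line in text.splitlines():
        m = LOG_RE.match(line)
        if not m:
            continue
        ip, method, uri, _status = m.groups()
        if is_traversal(uri):
            hits.append((ip, method, uri))
    return hits


if __name__ == "__main__":
    for ip, method, uri in scan_log(SAMPLE_LOG):
        print(f"traversal attempt from {ip}: {method} {uri}")
```

On the constructed sample the plain, single-encoded and double-encoded requests from 10.0.0.9 are flagged, while the login page and the "..thumbs" directory are not. Point scan_log() at your real access log and add the hits to the SIEM alert above.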
