Samsung Server Snafu: MagicINFO 9 Vulnerability Joins CISA’s Naughty List

CISA has added a Samsung MagicINFO 9 Server flaw to its catalog, giving hackers a new playground with a CVSS score of 9.8. Now, attackers can write arbitrary files as system authority. Federal agencies have until June 12, 2025, to fix this vulnerability.

Hot Take:

Oh, Samsung MagicINFO 9 Server, you had one job—to keep your directory nice and restricted. But instead, you’re handing out file-writing privileges like they’re party favors at a cyber-criminal convention. Someone tell CISA they’ve got a new headliner for their Vulnerabilities Catalog tour!

Key Points:

  • CISA adds Samsung MagicINFO 9 Server vulnerability to its Known Exploited Vulnerabilities (KEV) catalog.
  • The vulnerability (CVE-2025-4632) has a CVSS score of 9.8, signaling a critical severity level.
  • The flaw allows attackers to write arbitrary files as system authority, potentially compromising systems.
  • Federal agencies must patch this and other vulnerabilities by June 12, 2025, per CISA’s directive.
  • Other recent additions to the KEV catalog include vulnerabilities in Ivanti EPMM, MDaemon Email Server, and more.
