CVE-2025-53078
Published: 2025-07-29
CVE-2025-53078: Deserialization of Untrusted Data in Samsung DMS (Data Management Server) allows attackers to execute arbitrary code via write file to system
Priority P258 · critical · 9.8 (CVSS 3.1)
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
EPSS: 0.38% (30.3th percentile)
Affected
6 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| samsung | data_management_server_firmware | >= 2.0.0 < 2.3.13.1 | 2.3.13.1 |
| samsung | data_management_server_firmware | >= 2.5.0.17 < 2.6.14.1 | 2.6.14.1 |
| samsung | data_management_server_firmware | >= 2.7.0.15 < 2.9.3.6 | 2.9.3.6 |
| samsung_electronics | data_management_server | >= 2.0.0 < 2.3.13.1 | 2.3.13.1 |
| samsung_electronics | data_management_server | >= 2.5.0.17 < 2.6.14.1 | 2.6.14.1 |
| samsung_electronics | data_management_server | >= 2.7.0.15 < 2.9.3.6 | 2.9.3.6 |
GHSA
GHSA-738w-9rfq-fjw6: Deserialization of Untrusted Data in Samsung DMS (Data Management Server) allows attackers to execute arbitrary code via write file to system
ghsa_unreviewed·2025-07-29
CVE-2025-53078 [HIGH] CWE-502 GHSA-738w-9rfq-fjw6: Deserialization of Untrusted Data in Samsung DMS (Data Management Server) allows attackers to execute arbitrary code via write file to system
CISA ICS
Samsung HVAC DMS
cisa_ics·2025-07-29·CVSS 6.5
[MEDIUM] Samsung HVAC DMS
ICS Advisory
## Samsung HVAC DMS
Release Date: July 29, 2025
Alert Code: ICSA-25-210-02
Related topics: Industrial Control System Vulnerabilities, Industrial Control Systems
## 1. EXECUTIVE SUMMARY
- CVSS v4 7.5
- ATTENTION: Exploitable remotely
- Vendor: Samsung
- Equipment: HVAC DMS
- Vulnerabilities: Execution After Redirect (EAR), Deserialization of Untrusted Data, Absolute Path Traversal, Use of Potentially Dangerous Function, Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal'), Relative Path Traversal
## 2. RISK EVALUATION
Successful exploitation of these vulnerabilities can lead to unauthenticated remote code execution.
## 3. TECHNICAL DETAILS
## 3.1 AFFECTED PRODUCTS
The following versions of Samsung HVAC DMS,
No detection rules found.
No public exploits indexed.
No writeups or analysis indexed.
2025-07-29
Published