CVE-2025-53078

CWE-502 — Deserialization of Untrusted Data3 documents3 sources

Severity

9.8CRITICAL

EPSS

0.5%

top 34.13%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Samsung Electronics Data Management Server Samsung Data Management Server Firmware

Timeline

PublishedJul 29

Description

Deserialization of Untrusted Data in Samsung DMS(Data Management Server) allows attackers to execute arbitrary code via write file to system

CVSS vector

CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:HExploitability: 1.3 | Impact: 6.0

Affected Packages2 packages

▶CVEListV5samsung_electronics/data_management_server2.0.0 — 2.3.13.1+2

▶NVDsamsung/data_management2.0.0 — 2.3.13.1+2

🔴Vulnerability Details

CVEList

CVE-2025-53078: Deserialization of Untrusted Data in Samsung DMS(Data Management Server) allows attackers to execute arbitrary code via write file to system↗2025-07-29

▶

GHSA

GHSA-738w-9rfq-fjw6: Deserialization of Untrusted Data in Samsung DMS(Data Management Server) allows attackers to execute arbitrary code via write file to system↗2025-07-29

▶