Samsung Electronics Magicinfo 9 Server vulnerabilities

CVE-2026-25203 [HIGH] CWE-276 CVE-2026-25203: Samsung MagicINFO 9 Server Incorrect Default Permissions Local Privilege Escalation Vulnerability Samsung MagicINFO 9 Server Incorrect Default Permissions Local Privilege Escalation Vulnerability This issue affects MagicINFO 9 Server: less than 21.1091.1.

CVE-2026-25200 [CRITICAL] CWE-434 CVE-2026-25200: A vulnerability in MagicInfo9 Server allows authorized users to upload HTML files without authentica A vulnerability in MagicInfo9 Server allows authorized users to upload HTML files without authentication, leading to Stored XSS, which can result in account takeover This issue affects MagicINFO 9 Server: less than 21.1090.1.

CVE-2026-25202 [CRITICAL] CWE-798 CVE-2026-25202: The database account and password are hardcoded, allowing login with the account to manipulate the d The database account and password are hardcoded, allowing login with the account to manipulate the database in MagicInfo9 Server.This issue affects MagicINFO 9 Server: less than 21.1090.1.

CVE-2026-25201 [HIGH] CWE-434 CVE-2026-25201: An unauthenticated user can upload arbitrary files to execute remote code, leading to privilege esca An unauthenticated user can upload arbitrary files to execute remote code, leading to privilege escalation in MagicInfo9 Server. This issue affects MagicINFO 9 Server: less than 21.1090.1.

CVE-2025-54450 [HIGH] CWE-22 CVE-2025-54450: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in Sams Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in Samsung Electronics MagicINFO 9 Server allows Code Injection.This issue affects MagicINFO 9 Server: less than 21.1080.0.

CVE-2025-54438 [CRITICAL] CWE-22 CVE-2025-54438: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in Sams Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in Samsung Electronics MagicINFO 9 Server allows Upload a Web Shell to a Web Server.This issue affects MagicINFO 9 Server: less than 21.1080.0

CVE-2025-54447 [HIGH] CWE-434 CVE-2025-54447: Unrestricted Upload of File with Dangerous Type vulnerability in Samsung Electronics MagicINFO 9 Ser Unrestricted Upload of File with Dangerous Type vulnerability in Samsung Electronics MagicINFO 9 Server allows Code Injection.This issue affects MagicINFO 9 Server: less than 21.1080.0.

CVE-2025-54452 [HIGH] CWE-287 CVE-2025-54452: Improper Authentication vulnerability in Samsung Electronics MagicINFO 9 Server allows Authenticatio Improper Authentication vulnerability in Samsung Electronics MagicINFO 9 Server allows Authentication Bypass.This issue affects MagicINFO 9 Server: less than 21.1080.0.

CVE-2025-54448 [CRITICAL] CWE-434 CVE-2025-54448: Unrestricted Upload of File with Dangerous Type vulnerability in Samsung Electronics MagicINFO 9 Ser Unrestricted Upload of File with Dangerous Type vulnerability in Samsung Electronics MagicINFO 9 Server allows Code Injection.This issue affects MagicINFO 9 Server: less than 21.1080.0.

CVE-2025-54451 [CRITICAL] CWE-94 CVE-2025-54451: Improper Control of Generation of Code ('Code Injection') vulnerability in Samsung Electronics Magic Improper Control of Generation of Code ('Code Injection') vulnerability in Samsung Electronics MagicINFO 9 Server allows Code Injection.This issue affects MagicINFO 9 Server: less than 21.1080.0.

CVE-2025-54445 [HIGH] CWE-611 CVE-2025-54445: Improper Restriction of XML External Entity Reference vulnerability in Samsung Electronics MagicINFO Improper Restriction of XML External Entity Reference vulnerability in Samsung Electronics MagicINFO 9 Server allows Server Side Request Forgery.This issue affects MagicINFO 9 Server: less than 21.1080.0.

CVE-2025-54455 [CRITICAL] CWE-798 CVE-2025-54455: Use of Hard-coded Credentials vulnerability in Samsung Electronics MagicINFO 9 Server allows Authent Use of Hard-coded Credentials vulnerability in Samsung Electronics MagicINFO 9 Server allows Authentication Bypass.This issue affects MagicINFO 9 Server: less than 21.1080.0.

CVE-2025-54453 [HIGH] CWE-22 CVE-2025-54453: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in Sams Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in Samsung Electronics MagicINFO 9 Server allows Code Injection.This issue affects MagicINFO 9 Server: less than 21.1080.0.

CVE-2025-54444 [CRITICAL] CWE-434 CVE-2025-54444: Unrestricted Upload of File with Dangerous Type vulnerability in Samsung Electronics MagicINFO 9 Ser Unrestricted Upload of File with Dangerous Type vulnerability in Samsung Electronics MagicINFO 9 Server allows Code Injection.This issue affects MagicINFO 9 Server: less than 21.1080.0.

CVE-2025-54443 [CRITICAL] CWE-22 CVE-2025-54443: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in Sams Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in Samsung Electronics MagicINFO 9 Server allows Upload a Web Shell to a Web Server.This issue affects MagicINFO 9 Server: less than 21.1080.0

CVE-2025-54440 [CRITICAL] CWE-434 CVE-2025-54440: Unrestricted Upload of File with Dangerous Type vulnerability in Samsung Electronics MagicINFO 9 Ser Unrestricted Upload of File with Dangerous Type vulnerability in Samsung Electronics MagicINFO 9 Server allows Code Injection.This issue affects MagicINFO 9 Server: less than 21.1080.0.

CVE-2025-54442 [CRITICAL] CWE-434 CVE-2025-54442: Unrestricted Upload of File with Dangerous Type vulnerability in Samsung Electronics MagicINFO 9 Ser Unrestricted Upload of File with Dangerous Type vulnerability in Samsung Electronics MagicINFO 9 Server allows Code Injection.This issue affects MagicINFO 9 Server: less than 21.1080.0.

CVE-2025-54446 [CRITICAL] CWE-22 CVE-2025-54446: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in Sams Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in Samsung Electronics MagicINFO 9 Server allows Upload a Web Shell to a Web Server.This issue affects MagicINFO 9 Server: less than 21.1080.0

CVE-2025-54449 [CRITICAL] CWE-434 CVE-2025-54449: Unrestricted Upload of File with Dangerous Type vulnerability in Samsung Electronics MagicINFO 9 Ser Unrestricted Upload of File with Dangerous Type vulnerability in Samsung Electronics MagicINFO 9 Server allows Code Injection.This issue affects MagicINFO 9 Server: less than 21.1080.0.

CVE-2025-54454 [CRITICAL] CWE-798 CVE-2025-54454: Use of Hard-coded Credentials vulnerability in Samsung Electronics MagicINFO 9 Server allows Authent Use of Hard-coded Credentials vulnerability in Samsung Electronics MagicINFO 9 Server allows Authentication Bypass.This issue affects MagicINFO 9 Server: less than 21.1080.0.