Samsung has released patches for a critical path traversal vulnerability in its MagicINFO 9 Server, tracked as CVE-2025-4632, which has been leveraged to spread the Mirai botnet, The Hacker News reports.
Attacks exploiting the flaw, which stems from an improper pathname limitation that could enable arbitrary file write, commenced following SSD Disclosure's release of a proof-of-concept on April 30. Samsung's fixes come after Huntress researchers reported that the security defect had been abused across three different incidents, each involving the execution of identical commands to enable further payload downloads and reconnaissance activity. "Any machine that has versions v8 - v9 21.1050.0 will still be affected by this vulnerability. We've also discovered that upgrading from MagicINFO v8 to v9 21.1052.0 is not as straightforward since you have to first upgrade to 21.1050.0 before applying the final patch," said Huntress Director of Adversary Tactics Jamie Levy.