SRC-2025-0001 : Samsung MagicINFO 9 Server ResponseBootstrappingActivity Exposed Dangerous Method Remote Code Execution Vulnerability

CVE ID: CVE-2025-UNKNOWN

CVSS Score: 6.6, (/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H)

Affected Vendors: Samsung

Affected Products: MagicINFO <= 21.1080.0

Vulnerability Details:

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Samsung MagicINFO. Authentication is required and SaaS environment needs to be configured.

The specific flaw exists within ability to dynamically create FTP accounts. An attacker can create an FTP account and upload dangerous files resulting in remote code execution as SYSTEM.

Vendor Response:

Samsung has issued an update to correct this vulnerability. More details can be found at: https://security.samsungtv.com/securityUpdates

Disclosure Timeline:

• 2025-08-13 – Vulnerability reported to [email protected]

• 2025-08-14 – Acknowledgement of submission from the vendor

• 2026-01-28 – Coordinated public release of advisory

Proof of Concept: /pocs/src-2025-0001.py.txt

Credit: This vulnerability was discovered by Steven Seeley of Source Incite