CVE-2025-4632
ENISA EUVD: EUVD-2025-14362
Exploited in the Wild
✓ Confirmed 0-Day
Triaged: March 20, 2026
1 article
Published: 2025-05-13
EPSS Score
Source: FIRST.org · 2026-05-23
42.6%
probability
This CVE has a 42.6% probability
of being exploited in the next 30 days.
Top 97.5th percentile of all CVEs
CVSS v3.1
Source: VulnerabilityLookup (CIRCL)
9.8 CRITICAL
Attack Vector: Network
Attack Complexity: Low
Privileges Required: None
User Interaction: None
Scope: Unchanged
Confidentiality: High
Integrity: High
Availability: High
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Description
Source: VulnerabilityLookup (CNA)
Improper limitation of a pathname to a restricted directory vulnerability in Samsung MagicINFO 9 Server version before 21.1052 allows attackers to write arbitrary file as system authority.
Affected Products
Samsung Electronics
MagicINFO 9 Server
0
Attack Intelligence
Exploits & PoC
0
2025-06-04
digitalsurgn/CVE-2025-4632_POC
This repository contains a Python replication script for CVE-2025-4632, an Unauthenticated Remote Code Execution (RCE) vulnerability in Samsung MagicI
0
2026-05-06
2 repos, sorted by stars
Signal Intelligence
Confidence
78%
EPSS
42.6%
CVSS v3.1
9.8
Mentions
1
CNA Information
CNA Assigner
samsung.tv_appliance
Analyst Note
CVE-2025-4632 is a 2025 vulnerability in Samsung MagicINFO 9 with CVSS 9.8 that has been actively exploited in the wild to deploy Mirai botnet variants. The article explicitly states Samsung released patches to address this actively exploited flaw, indicating exploitation occurred concurrent with or prior to patch availability. The recent CVE year (2025), active exploitation documentation, and vendor patch release strongly support zero-day classification.
Triage Info
Decided at: Mar 20, 2026
Published Date: May 13, 2025