CVE-2025-57836
Unknown Unknown - Not Provided
BaseFortify

Publication date: 2026-01-05

Last updated on: 2026-01-08

Assigner: MITRE

Description
An issue was discovered in Samsung Magician 6.3.0 through 8.3.2 on Windows. The installer creates a temporary folder with weak permissions during installation, allowing a non-admin user to perform DLL hijacking and escalate privileges.
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2026-01-05
Last Modified
2026-01-08
Generated
2026-06-16
AI Q&A
2026-01-05
EPSS Evaluated
2026-06-15
NVD
CVE-2025-57836
EUVD
EUVD-2026-0832
Affected Vendors & Products
Showing 1 associated CPE
Vendor Product Version / Range
samsung magician From 6.3.0 (inc) to 8.3.2 (inc)
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-427 The product uses a fixed or controlled search path to find resources, but one or more locations in that path can be under the control of unintended actors.
Attack-Flow Graph
AI Quick Actions
Instant insights powered by AI
Executive Summary

This vulnerability exists in Samsung Magician installer versions 6.3.0 through 8.3.2 on Windows. During installation, the installer creates a temporary folder with weak permissions, which allows a non-administrative user to perform DLL hijacking. This means an attacker can inject malicious DLL files into the installation process, leading to privilege escalation. [1]

Impact Analysis

The vulnerability can allow a non-admin user to escalate their privileges on the affected system by exploiting DLL hijacking during the installation of Samsung Magician. This could lead to unauthorized access or control over system components that normally require higher privileges. [1]

Detection Guidance

Detection involves checking the permissions of temporary folders created by the Samsung Magician installer during installation. Specifically, verify if any temporary installation folders have weak permissions that allow non-admin users to write or modify files, which could enable DLL hijacking. On Windows, you can use PowerShell commands such as 'Get-Acl' to inspect folder permissions. For example, identify the temporary folder path used during installation and run: Get-Acl -Path <folder_path> | Format-List. Additionally, monitoring for unexpected DLL loads or suspicious processes during installation may help detect exploitation attempts. [1]

Mitigation Strategies

Immediate mitigation steps include avoiding the use of Samsung Magician installer versions 6.3.0 through 8.3.2 until a patched version is available. If installation is necessary, ensure that the temporary folders created during installation have secure permissions that restrict write access to administrators only. Running the installer with administrative privileges and in a controlled environment can reduce risk. Additionally, monitor and restrict non-admin user access to installation directories and temporary folders to prevent DLL hijacking and privilege escalation. [1]

Chat Assistant
Ask questions about this CVE
Hi! I’m here to help you understand CVE-2025-57836. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70
EPSS Chart