CVE-2025-57836
BaseFortify
Publication date: 2026-01-05
Last updated on: 2026-01-08
Assigner: MITRE
Description
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| samsung | magician | From 6.3.0 (inc) to 8.3.2 (inc) |
Exploitability
| CWE ID | Description |
|---|---|
| CWE-427 | The product uses a fixed or controlled search path to find resources, but one or more locations in that path can be under the control of unintended actors. |
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability exists in Samsung Magician installer versions 6.3.0 through 8.3.2 on Windows. During installation, the installer creates a temporary folder with weak permissions, which allows a non-administrative user to perform DLL hijacking. This means an attacker can inject malicious DLL files into the installation process, leading to privilege escalation. [1]
How can this vulnerability impact me?
The vulnerability can allow a non-admin user to escalate their privileges on the affected system by exploiting DLL hijacking during the installation of Samsung Magician. This could lead to unauthorized access or control over system components that normally require higher privileges. [1]
How can this vulnerability be detected on my network or system? Can you suggest some commands?
Detection involves checking the permissions of temporary folders created by the Samsung Magician installer during installation. Specifically, verify if any temporary installation folders have weak permissions that allow non-admin users to write or modify files, which could enable DLL hijacking. On Windows, you can use PowerShell commands such as `Get-Acl` to inspect folder permissions. For example, identify the temporary folder path used during installation and run `Get-Acl -Path <folder_path> | Format-List`. Additionally, monitoring for unexpected DLL loads or suspicious processes during installation may help detect exploitation attempts. [1]
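The raw `Get-Acl` output still has to be read entry by entry, so the following added example (not part of the advisory or of Samsung's tooling) filters a folder's ACL down to the Allow entries that give write-capable rights to anyone other than SYSTEM, Administrators or TrustedInstaller. The function name `Get-NonAdminWriteAce`, the trusted-SID list and the placeholder path are assumptions; the advisory does not name the temporary folder.

```powershell
# Added example: list ACEs that let non-administrative principals write to a folder.
# The function name and the trusted-SID list are assumptions, not values from the advisory.
function Get-NonAdminWriteAce {
    [CmdletBinding()]
    param([Parameter(Mandatory)][string]$Path)

    # Principals expected to hold write access: SYSTEM, Administrators, TrustedInstaller.
    $trusted = @(
        'S-1-5-18',
        'S-1-5-32-544',
        'S-1-5-80-956008885-3418522649-1831038044-1853292631-2271478464'
    )

    # Specific rights that allow adding, replacing or re-permissioning files in the folder.
    $writeMask = [int][System.Security.AccessControl.FileSystemRights]'CreateFiles, AppendData, Delete, DeleteSubdirectoriesAndFiles, ChangePermissions, TakeOwnership'
    # GENERIC_WRITE (0x40000000) and GENERIC_ALL (0x10000000) appear as raw bits on some inherit-only ACEs.
    $genericMask = 0x50000000

    foreach ($ace in (Get-Acl -LiteralPath $Path).Access) {
        if ($ace.AccessControlType -ne 'Allow') { continue }

        # Compare by SID so localized or renamed group names do not matter.
        try {
            $sid = $ace.IdentityReference.Translate([System.Security.Principal.SecurityIdentifier]).Value
        } catch {
            $sid = $ace.IdentityReference.Value   # unresolvable account: report it as-is
        }
        if ($trusted -contains $sid) { continue }

        $rights = [int]$ace.FileSystemRights
        if ((($rights -band $writeMask) -ne 0) -or (($rights -band $genericMask) -ne 0)) {
            [pscustomobject]@{
                Identity    = $ace.IdentityReference.Value
                Rights      = $ace.FileSystemRights
                Inherited   = $ace.IsInherited
                # InheritOnly entries apply to files and subfolders created inside, not the folder itself.
                InheritOnly = [bool]($ace.PropagationFlags -band [System.Security.AccessControl.PropagationFlags]::InheritOnly)
            }
        }
    }
}

# Placeholder path: substitute the temporary folder observed during installation.
Get-NonAdminWriteAce -Path 'C:\Path\To\InstallerTempFolder' | Format-Table -AutoSize
```

An empty result means only the trusted principals can write; any row for groups such as Users or Authenticated Users is the weak-permission condition described above.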
What immediate steps should I take to mitigate this vulnerability?
Immediate mitigation steps include avoiding the use of Samsung Magician installer versions 6.3.0 through 8.3.2 until a patched version is available. If installation is necessary, ensure that the temporary folders created during installation have secure permissions that restrict write access to administrators only. Running the installer with administrative privileges and in a controlled environment can reduce risk. Additionally, monitor and restrict non-admin user access to installation directories and temporary folders to prevent DLL hijacking and privilege escalation. [1]