CVE-2026-25201
Arbitrary File Upload in MagicINFO 9 Server Enables RCE
Publication date: 2026-02-02
Last updated on: 2026-02-02
Assigner: Samsung TV & Appliance
Description
Description
An unauthenticated user can upload arbitrary files to execute remote code, leading to privilege escalation in MagicInfo9 Server.
This issue affects MagicINFO 9 Server: less than 21.1090.1.
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Affected Vendors & Products
| Vendor | Product | Version |
|---|---|---|
| samsung | magicinfo_9_server | to 21.1090.1 (exc) |
Helpful Resources
Exploitability
CWE
KEV
| CWE ID | Description |
|---|---|
| CWE-434 | The product allows the upload or transfer of dangerous file types that are automatically processed within its environment. |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability allows an unauthenticated user to upload arbitrary files to the MagicInfo9 Server, which can then be used to execute remote code. This can lead to privilege escalation on the affected server.
How can this vulnerability impact me? :
The vulnerability can lead to unauthorized remote code execution and privilege escalation, potentially allowing attackers to take control of the MagicInfo9 Server, compromise data, disrupt services, or perform malicious actions with elevated privileges.
Ask Our AI Assistant
Need more information? Ask your question to get an AI reply (Powered by our expertise)
0/70
EPSS Chart
Meta Information
CVE Publication Date:
2026-02-02
CVE Last Modified Date:
2026-02-02
Report Generation Date:
2026-02-10
AI Powered Q&A Generation:
2026-02-02
EPSS Last Evaluated Date:
2026-02-09
NVD Report Link: