CVE-2024-7399, a high-severity vulnerability affecting Samsung MagicINFO 9 Server, is now being actively exploited by threat actors. The vulnerability allows attackers to write specially crafted JavaServer Pages (JSP) files to the server, which can then be executed to run arbitrary code with system-level privileges.

Samsung initially disclosed the vulnerability in August 2024, following responsible disclosure by security researchers. Samsung addressed the vulnerability in version 21.1050, released in late 2024, by modifying the verification logic of user inputs to prevent path traversal attacks. However, the situation changed dramatically when a research article with technical details and a proof-of-concept exploit was published on April 30, 2025; within days, Arctic Wolf began observing active exploitation attempts in the wild.

As threat actors continue to target internet-facing services, organizations should prioritize patching this vulnerability, especially since the exploit code is now publicly available and the barrier to exploitation is considered low. Security experts warn that organizations using the affected software should implement patches immediately. Arctic Wolf strongly recommends that organizations using Samsung MagicINFO 9 Server upgrade to the fixed version 21.1050 or later immediately. Organizations should follow their established patching and testing guidelines to minimize potential operational disruptions while addressing this critical security issue.
This Cyber News was published on cybersecuritynews.com. Publication date: Tue, 06 May 2025 12:35:16 +0000