Samsung MagicINFO 9 Server Vulnerability Exploited in the Wild

However, the situation changed dramatically when a research article with technical details and a proof-of-concept exploit was published on April 30, 2025 and within days, Arctic Wolf began observing active exploitation attempts in the wild. As threat actors continue to target internet-facing services, organizations should prioritize patching this vulnerability, especially since the exploit code is now publicly available and the barrier to exploitation is considered low. Arctic Wolf strongly recommends that organizations using Samsung MagicINFO 9 Server upgrade to the latest fixed version 21.1050 and later immediately. Cyber Security News is a Dedicated News Platform For Cyber News, Cyber Attack News, Hacking News & Vulnerability Analysis. Samsung addressed the vulnerability in version 21.1050, released in late 2024, by modifying the verification logic of user inputs to prevent path traversal attacks. The exploitation activity began just days after technical details and a proof-of-concept exploit were published on April 30, 2025. Organizations should follow their established patching and testing guidelines to minimize potential operational disruptions while addressing this critical security issue. CVE-2024-7399, a high-severity vulnerability affecting Samsung MagicINFO 9 Server, is now being actively exploited by threat actors. Samsung initially disclosed the vulnerability in August 2024, following responsible disclosure by security researchers. Gurubaran is a co-founder of Cyber Security News and GBHackers On Security. Security experts warn that organizations using the affected software should implement patches immediately. This implementation allows attackers to write specially crafted JavaServer Pages (JSP) files to the server, which can then be executed to run arbitrary code with system-level privileges.

This Cyber News was published on cybersecuritynews.com. Publication date: Tue, 06 May 2025 12:35:16 +0000


Cyber News related to Samsung MagicINFO 9 Server Vulnerability Exploited in the Wild

Samsung MagicINFO Vulnerability Allows Remote Code Execution Without Valid User - A critical security vulnerability has been discovered in Samsung’s MagicINFO digital signage management platform that could allow attackers to execute arbitrary code with system-level privileges without requiring authentication. Security ...
1 month ago Cybersecuritynews.com CVE-2024-7399
Samsung MagicINFO 9 Server RCE flaw now exploited in attacks - Given the active exploitation status of the flaw, it is recommended that system administrators take immediate action to patch CVE-2024-7399 by upgrading the Samsung MagicINFO Server to version 21.1050 or later. Hackers are exploiting an ...
3 weeks ago Bleepingcomputer.com CVE-2024-7399
Samsung MagicINFO 9 Server Vulnerability Exploited in the Wild - However, the situation changed dramatically when a research article with technical details and a proof-of-concept exploit was published on April 30, 2025 and within days, Arctic Wolf began observing active exploitation attempts in the wild. As threat ...
3 weeks ago Cybersecuritynews.com CVE-2024-7399
Samsung MagicINFO 9 Server Vulnerability Let Attackers Write Arbitrary File - This vulnerability stems from insufficient validation of file paths during write operations, allowing remote attackers to bypass directory restrictions and place malicious files anywhere on the system with SYSTEM user privileges. This allows a remote ...
2 weeks ago Cybersecuritynews.com CVE-2024-7399
Check Point released hotfix for actively exploited VPN zero-day - MUST READ. Check Point released hotfix for actively exploited VPN zero-day. Microsoft Patch Tuesday security updates for May 2024 fixes 2 actively exploited zero-days. Critical Fortinet's FortiClient EMS flaw actively exploited in the wild. Apple ...
1 year ago Securityaffairs.com CVE-2024-23222 CVE-2023-22515 CVE-2023-40044 CVE-2023-20109
New MOVEit Transfer critical bug is actively exploited - MUST READ. New MOVEit Transfer critical bug is actively exploited. CISA adds Microsoft SharePoint bug disclosed at Pwn2Own to its Known Exploited Vulnerabilities catalog. Critical Fortinet's FortiClient EMS flaw actively exploited in the wild. PoC ...
11 months ago Securityaffairs.com CVE-2020-3259 CVE-2023-22515 CVE-2023-40044 CVE-2023-20109 Rocke
Samsung hit by new data breach impacting UK store customers - Samsung Electronics is notifying some of its customers of a data breach that exposed their personal information to an unauthorized individual. The company says that the cyberattack impacted only customers who made purchases from the Samsung UK online ...
1 year ago Bleepingcomputer.com LAPSUS$
Epic Sues Google, Samsung Over App Store Barriers | Silicon UK - In its new case Epic claims that a month before the Epic Games Store launch in August, Samsung decided to enable Auto Blocker by default, making it more difficult for buyers of new phones to install competing app stores. Epic Games has filed a second ...
7 months ago Silicon.co.uk
CISA adds Check Point Quantum Security Gateways and Linux Kernel flaws to its Known Exploited Vulnerabilities catalog - CISA adds Apache Flink flaw to its Known Exploited Vulnerabilities catalog. CISA adds D-Link DIR router flaws to its Known Exploited Vulnerabilities catalog. CISA adds Google Chrome zero-days to its Known Exploited Vulnerabilities catalog. CISA adds ...
1 year ago Securityaffairs.com
CVE-2023-38297 - An issue was discovered in a third-party com.factory.mmigroup component, shipped on devices from multiple device manufacturers. Certain software builds for various Android devices contain a vulnerable pre-installed app with a package name of ...
1 year ago
14 New DrayTek routers' flaws impacts over 700,000 devices in 168 countries - Any cookies that may not be particularly necessary for the website to function and is used specifically to collect user personal data via analytics, ads, other embedded contents are termed as non-necessary cookies. Multiple flaws in DrayTek ...
7 months ago Securityaffairs.com CVE-2024-45519 CVE-2024-29849 CVE-2024-41585
Critical Zimbra Postjournal flaw CVE-2024-45519 actively exploited in the wild. Patch it now! - “Beginning on September 28, @Proofpoint began observing attempts to exploit CVE-2024-45519, a remote code execution vulnerability in Zimbra mail servers. Beginning on September 28, @Proofpoint began observing attempts to exploit CVE-2024-45519, ...
7 months ago Securityaffairs.com CVE-2024-45519
Impact of Remote Work and Cloud Migrations on Security Perimeters - Microsoft Patch Tuesday security updates for May 2024 fixes 2 actively exploited zero-days. Microsoft fixed two zero-day bugs exploited in malware attacks. HTTP/2 CONTINUATION Flood technique can be exploited in DoS attacks. BianLian group exploits ...
1 year ago Securityaffairs.com CVE-2020-3259 CVE-2023-22515 CVE-2023-40044 APT29 BianLian
newsletter Round 474 by Pierluigi Paganini - Microsoft Patch Tuesday security updates for May 2024 fixes 2 actively exploited zero-days. Microsoft fixed two zero-day bugs exploited in malware attacks. HTTP/2 CONTINUATION Flood technique can be exploited in DoS attacks. Critical Fortinet's ...
11 months ago Securityaffairs.com CVE-2020-3259 CVE-2023-49103 CVE-2023-22515 APT28 APT29 BianLian
Juniper Networks fixed a critical authentication bypass flaw in some of its routers - MUST READ. Threat actors actively exploit D-Link DIR-859 router flaw CVE-2024-0769. CISA adds Oracle WebLogic Server flaw to its Known Exploited Vulnerabilities catalog. Russia-linked APT28 used post-compromise tool GooseEgg to exploit CVE-2022-38028 ...
10 months ago Securityaffairs.com CVE-2024-0769 CVE-2022-38028 CVE-2024-0204 CVE-2023-49103 CVE-2023-38831 CVE-2023-40044 APT28 Rocke
Samsung Galaxy Store Flaws Put Millions of Devices Vulnerable - Researchers have discovered severe security flaws in the Samsung Galaxy Store application. These vulnerabilities put millions of users, including those who use Samsung phones, tablets, smart TVs, and wearables, at risk of cyberattacks. The security ...
2 years ago Securityaffairs.com
High-severity flaw affects Cisco Firepower Management Center - CISA adds GitLab flaw to its Known Exploited Vulnerabilities catalog. CISA adds Cisco ASA and FTD and CrushFTP VFS flaws to its Known Exploited Vulnerabilities catalog. Critical Fortinet's FortiClient EMS flaw actively exploited in the wild. Hackers ...
1 year ago Securityaffairs.com CVE-2020-3259 CVE-2024-23897 CVE-2024-0204 CVE-2023-20198 CVE-2023-38831 Rocke
High-severity flaw affects Cisco Firepower Management Center - CISA adds GitLab flaw to its Known Exploited Vulnerabilities catalog. CISA adds Cisco ASA and FTD and CrushFTP VFS flaws to its Known Exploited Vulnerabilities catalog. Critical Fortinet's FortiClient EMS flaw actively exploited in the wild. Hackers ...
1 year ago Securityaffairs.com CVE-2020-3259 CVE-2024-23897 CVE-2024-0204 CVE-2023-20198 CVE-2023-38831 Rocke
Healthcare firm WebTPA data breach impacted 2.5M individuals - Microsoft Patch Tuesday security updates for May 2024 fixes 2 actively exploited zero-days. CISA adds GitLab flaw to its Known Exploited Vulnerabilities catalog. Nation-state actors exploited two zero-days in ASA and FTD firewalls to breach ...
1 year ago Securityaffairs.com CVE-2020-3259 CVE-2023-22515 APT29 BianLian
newsletter Round 473 by Pierluigi Paganini - Microsoft Patch Tuesday security updates for May 2024 fixes 2 actively exploited zero-days. Microsoft fixed two zero-day bugs exploited in malware attacks. HTTP/2 CONTINUATION Flood technique can be exploited in DoS attacks. BianLian group exploits ...
1 year ago Securityaffairs.com CVE-2020-3259 CVE-2023-46747 CVE-2023-46748 CVE-2023-22515 APT29 Rocke BianLian
Sav-Rx data breach impacted over 2.8 million individuals - Microsoft Patch Tuesday security updates for May 2024 fixes 2 actively exploited zero-days. Nation-state actors exploited two zero-days in ASA and FTD firewalls to breach government networks. Microsoft fixed two zero-day bugs exploited in malware ...
1 year ago Securityaffairs.com CVE-2020-3259 CVE-2023-22515 APT29 BianLian
Critical Apache Log4j2 flaw still threatens global finance - Critical Apache Log4j2 flaw still threatens global finance. CISA adds Apache Flink flaw to its Known Exploited Vulnerabilities catalog. CISA adds GitLab flaw to its Known Exploited Vulnerabilities catalog. Russia-linked APT28 used post-compromise ...
11 months ago Securityaffairs.com CVE-2022-38028 CVE-2023-49103 CVE-2023-20198 CVE-2023-40044 APT28 Rocke
North Korea-linked IT workers infiltrated hundreds of US firms - CISA adds Cisco ASA and FTD and CrushFTP VFS flaws to its Known Exploited Vulnerabilities catalog. Microsoft fixed two zero-day bugs exploited in malware attacks. HTTP/2 CONTINUATION Flood technique can be exploited in DoS attacks. BianLian group ...
1 year ago Securityaffairs.com CVE-2020-3259 CVE-2023-22515 CVE-2023-40044 APT29 Rocke BianLian
Microsoft security bypass bug said to be under exploit The Register - Patch Tuesday Microsoft fixed 149 security flaws in its own products this week, and while Redmond acknowledged one of those vulnerabilities is being actively exploited, we've been told another hole is under attack, too. The bug the IT giant said was ...
1 year ago Go.theregister.com CVE-2024-26234 CVE-2024-29988 CVE-2024-21322 CVE-2023-48784 CVE-2024-23662 CVE-2024-22246
North Korean Kimsuky used a new Linux backdoor in recent attacks - Russia-linked APT28 used post-compromise tool GooseEgg to exploit CVE-2022-38028 Windows flaw. Threat actors exploited Palo Alto Pan-OS issue to deploy a Python Backdoor. Microsoft fixed two zero-day bugs exploited in malware attacks. HTTP/2 ...
1 year ago Securityaffairs.com CVE-2022-38028 CVE-2020-3259 CVE-2023-22515 APT28 APT29 BianLian