Samsung Magicinfo 9 Server — known CVE vulnerabilities
Every CVE whose affected-product data names Samsung Magicinfo 9 Server, ordered by CVSS severity, with EPSS exploit prediction and CISA KEV status.
CVEs (23)
CVE-2025-54449 — CVSS 9.8 (critical): Unrestricted Upload of File with Dangerous Type vulnerability in Samsung Electronics MagicINFO 9 Server allows Code Injection.This issue…
CVE-2025-54451 — CVSS 9.8 (critical): Improper Control of Generation of Code ('Code Injection') vulnerability in Samsung Electronics MagicINFO 9 Server allows Code…
CVE-2026-25200 — CVSS 9.8 (critical): A vulnerability in MagicInfo9 Server allows authorized users to upload HTML files without authentication, leading to Stored XSS, which can…
CVE-2025-54448 — CVSS 9.8 (critical): Unrestricted Upload of File with Dangerous Type vulnerability in Samsung Electronics MagicINFO 9 Server allows Code Injection.This issue…
CVE-2025-54440 — CVSS 9.8 (critical): Unrestricted Upload of File with Dangerous Type vulnerability in Samsung Electronics MagicINFO 9 Server allows Code Injection.This issue…
CVE-2025-54438 — CVSS 9.8 (critical): Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in Samsung Electronics MagicINFO 9 Server…
CVE-2025-54442 — CVSS 9.8 (critical): Unrestricted Upload of File with Dangerous Type vulnerability in Samsung Electronics MagicINFO 9 Server allows Code Injection.This issue…
CVE-2025-54443 — CVSS 9.8 (critical): Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in Samsung Electronics MagicINFO 9 Server…
CVE-2025-54444 — CVSS 9.8 (critical): Unrestricted Upload of File with Dangerous Type vulnerability in Samsung Electronics MagicINFO 9 Server allows Code Injection.This issue…
CVE-2026-25202 — CVSS 9.8 (critical): The database account and password are hardcoded, allowing login with the account to manipulate the database in MagicInfo9 Server.This issue…
CVE-2025-54446 — CVSS 9.8 (critical): Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in Samsung Electronics MagicINFO 9 Server…
CVE-2025-54454 — CVSS 9.1 (critical): Use of Hard-coded Credentials vulnerability in Samsung Electronics MagicINFO 9 Server allows Authentication Bypass.This issue affects…
CVE-2025-54455 — CVSS 9.1 (critical): Use of Hard-coded Credentials vulnerability in Samsung Electronics MagicINFO 9 Server allows Authentication Bypass.This issue affects…
CVE-2025-54439 — CVSS 8.8 (high): Unrestricted Upload of File with Dangerous Type vulnerability in Samsung Electronics MagicINFO 9 Server allows Code Injection.This issue…
CVE-2025-54441 — CVSS 8.8 (high): Unrestricted Upload of File with Dangerous Type vulnerability in Samsung Electronics MagicINFO 9 Server allows Code Injection.This issue…
CVE-2025-54453 — CVSS 8.8 (high): Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in Samsung Electronics MagicINFO 9 Server…
CVE-2026-25201 — CVSS 8.8 (high): An unauthenticated user can upload arbitrary files to execute remote code, leading to privilege escalation in MagicInfo9 Server. This issue…
CVE-2025-54445 — CVSS 8.2 (high): Improper Restriction of XML External Entity Reference vulnerability in Samsung Electronics MagicINFO 9 Server allows Server Side Request…
CVE-2025-54447 — CVSS 8.1 (high): Unrestricted Upload of File with Dangerous Type vulnerability in Samsung Electronics MagicINFO 9 Server allows Code Injection.This issue…
CVE-2025-54450 — CVSS 7.2 (high): Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in Samsung Electronics MagicINFO 9 Server…