CVE-2026-25201

An unauthenticated user can upload arbitrary files to execute remote code, leading to privilege escalation in MagicInfo9 Server. This issue affects MagicINFO 9 Server: less than 21.1090.1.

CVSS v3 8.8 HIGH

8.8^/10

CVSS v3 : HIGH

V3 Legend

Vector :

Exploitability : 2.8 / Impact : 5.9

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required NONE

User Interaction REQUIRED

Confidentiality Impact HIGH

Integrity Impact HIGH

Availability Impact HIGH

Scope UNCHANGED

References

Link	Resource
https://security.samsungtv.com/securityUpdates	Vendor Advisory

Configurations

Configuration 1 (hide)

cpe:2.3:a:samsung:magicinfo_9_server:*:*:*:*:*:*:*:*

History

10 Mar 2026, 18:44

Type	Values Removed	Values Added
References	~~() https://security.samsungtv.com/securityUpdates -~~	() https://security.samsungtv.com/securityUpdates - Vendor Advisory
First Time		Samsung Samsung magicinfo 9 Server
CPE		cpe:2.3:a:samsung:magicinfo_9_server::::::::
Summary		(es) Un usuario no autenticado puede cargar archivos arbitrarios para ejecutar código remoto, lo que lleva a una escalada de privilegios en el servidor MagicInfo9. Este problema afecta a MagicINFO 9 Server: versiones anteriores a 21.1090.1.

02 Feb 2026, 05:16

Type	Values Removed	Values Added
New CVE

Information

Published : 2026-02-02 05:16

Updated : 2026-03-10 18:44

NVD link : CVE-2026-25201

Mitre link : CVE-2026-25201

CVE.ORG link : CVE-2026-25201

JSON object : View

Products Affected

samsung

magicinfo_9_server

CWE

CWE-434

Unrestricted Upload of File with Dangerous Type

8.8 /10