Samsung Secures Critical Vulnerability in Digital Signage System

By Netvora Tech News

---

Samsung has quietly patched a critical vulnerability in its MagicINFO 9 content management system, which could have allowed attackers to take control of digital signage displays remotely. The vulnerability, identified as CVE-2025-4632, enables an unauthenticated attacker to write arbitrary files to the server as a system authority through path traversal. MagicINFO 9 is a content management system used to control digital signage displays, commonly found in buildings, stores, and other public areas. The vulnerability allows an attacker to exploit the system's weaknesses and gain unauthorized access to the server, potentially leading to data breaches or other malicious activities. The impact of the vulnerability is rated 9.8 out of 10, indicating its high severity. Samsung has released an update that modifies the verification logic of the input, effectively patching the vulnerability. It's worth noting that earlier this month, researchers warned about a botnet using the Mirai malware to exploit this exact vulnerability. The US Cybersecurity and Infrastructure Security Agency (CISA) has since confirmed that the vulnerability is being actively exploited. Samsung's swift patching of the vulnerability demonstrates the company's commitment to securing its products and mitigating potential risks to its customers. It's essential for organizations using MagicINFO 9 to ensure they have applied the latest updates to prevent potential attacks.

• The vulnerability, identified as CVE-2025-4632, allows attackers to write arbitrary files to the server as a system authority.
• The impact of the vulnerability is rated 9.8 out of 10, indicating its high severity.
• Samsung has released an update that modifies the verification logic of the input, effectively patching the vulnerability.
• The US Cybersecurity and Infrastructure Security Agency (CISA) has confirmed that the vulnerability is being actively exploited.