MagicINFO SWUpdateFileUploader remote command execution

Added: 05/23/2025
CVE: CVE-2025-4632

Background

MagicINFO is digital signage software from Samsung.

Problem

A combination of path traversal, unsafe file upload, and missing authentication allows remote, unauthenticated attackers to upload arbitrary files to the server and then execute them with an HTTP request, leading to command execution.

Resolution

No fix was available at the time of this writing. Do not use the vulnerable software until a fix is available.

References

https://ssd-disclosure.com/ssd-advisory-samsung-magicinfo-unauthenticated-rce/

Limitations

After successful exploitation, the snt*.jsp files need to be removed from the MagicInfo folder.
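
Because these files stay on disk until someone removes them, a file matching `snt*.jsp` under the installation folder is worth triaging. The following check is an added example, not part of the original advisory or of any Samsung tooling. It assumes the installation folder is passed as an argument, since the page does not give its path, and the record field names are hypothetical.

```python
import fnmatch
import hashlib
import os
import sys
from datetime import datetime, timezone

# Pattern taken from the Limitations note above. Names are lowercased before
# matching because Windows file systems are case-insensitive.
PATTERN = "snt*.jsp"


def find_leftover_jsp(root):
    """Return records for every file under root whose name matches snt*.jsp."""
    hits = []
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            if not fnmatch.fnmatchcase(name.lower(), PATTERN):
                continue
            path = os.path.join(dirpath, name)
            try:
                st = os.stat(path)
                with open(path, "rb") as fh:
                    digest = hashlib.sha256(fh.read()).hexdigest()
            except OSError as exc:
                # An unreadable match is still a finding; record the reason.
                hits.append({"path": path, "error": str(exc)})
                continue
            modified = datetime.fromtimestamp(st.st_mtime, timezone.utc)
            hits.append({
                "path": path,
                "size": st.st_size,
                "modified_utc": modified.isoformat(),
                "sha256": digest,
            })
    return sorted(hits, key=lambda h: h["path"].lower())


if __name__ == "__main__":
    if len(sys.argv) != 2:
        sys.exit("usage: find_snt_jsp.py <MagicINFO installation folder>")
    findings = find_leftover_jsp(sys.argv[1])
    for record in findings:
        print(record)
    # Non-zero exit status when anything matched, for use in scheduled checks.
    sys.exit(1 if findings else 0)
```

Preserve any matches (copy plus hash and timestamp) before deleting them, so the modification times can be correlated with web server access logs.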

Platforms

Windows
