CVE-2026-25201

  1. OpenCVE
  2. Vulnerabilities (CVE)
  3. CVE-2026-25201
An unauthenticated user can upload arbitrary files to execute remote code, leading to privilege escalation in MagicInfo9 Server. This issue affects MagicINFO 9 Server: less than 21.1090.1.

8.8 /10

CVSS v3 : HIGH

V3 Legend

Vector :

Exploitability : 2.8 / Impact : 5.9

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required NONE

User Interaction REQUIRED

Confidentiality Impact HIGH

Integrity Impact HIGH

Availability Impact HIGH

Scope UNCHANGED

References
Link Resource
https://security.samsungtv.com/securityUpdates Vendor Advisory
Configurations

Configuration 1 (hide)

cpe:2.3:a:samsung:magicinfo_9_server:*:*:*:*:*:*:*:*
History

No history.

Information

Published : 2026-02-02 05:16

Updated : 2026-03-10 18:44

NVD link : CVE-2026-25201

Mitre link : CVE-2026-25201

CVE.ORG link : CVE-2026-25201

JSON object : View

Products Affected

samsung

  • magicinfo_9_server
CWE
CWE-434

Unrestricted Upload of File with Dangerous Type