CVE-2026-25201

8.8 HIGH

📋 TL;DR

An unauthenticated attacker can upload arbitrary files to MagicINFO 9 Server, leading to remote code execution and privilege escalation. This affects MagicINFO 9 Server versions before 21.1090.1, allowing complete system compromise.

💻 Affected Systems

Products:
  • MagicINFO 9 Server
Versions: All versions less than 21.1090.1
Operating Systems: Windows (based on typical MagicINFO deployments)
Default Config Vulnerable: ⚠️ Yes
Notes: Affects default installations with no authentication required for file upload functionality.

⚠️ Risk & Real-World Impact

🔴 Worst Case

Full system takeover with administrative privileges, data exfiltration, ransomware deployment, and lateral movement within the network.

🟠 Likely Case

Remote code execution leading to malware installation, data theft, and persistent backdoor access to the server.

🟢 If Mitigated

Limited impact if proper network segmentation and file upload restrictions are in place, though risk remains significant.

🌐 Internet-Facing: HIGH - Unauthenticated exploitation allows direct attacks from the internet without credentials.
🏢 Internal Only: HIGH - Even internally, unauthenticated access makes this easily exploitable by any network user.

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: LIKELY
Unauthenticated Exploit: ⚠️ Yes
Complexity: LOW

Unauthenticated file upload to RCE is a common attack pattern with readily available exploit techniques.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: 21.1090.1 or later

Vendor Advisory: https://security.samsungtv.com/securityUpdates

Restart Required: Yes

Instructions:

1. Download MagicINFO 9 Server version 21.1090.1 or later from Samsung's official site.
2. Back up current configuration and data.
3. Install the update following Samsung's installation guide.
4. Restart the server to apply changes.

🔧 Temporary Workarounds

Network Access Control

all

Restrict access to MagicINFO Server to only trusted IP addresses or internal network segments.

Use firewall rules to block external access to MagicINFO Server ports

File Upload Restrictions

all

Implement web application firewall rules to block suspicious file uploads and executable content.

Configure WAF to block file uploads with executable extensions (.exe, .php, .jsp, etc.)

🧯 If You Can't Patch

  • Isolate the MagicINFO Server in a dedicated network segment with strict firewall rules
  • Implement application-level authentication and file type validation for all upload functionality

🔍 How to Verify

Check if Vulnerable:

Check MagicINFO Server version in administration interface or installation directory properties.

Check Version:

Check MagicINFO Server About section or installation directory for version information

Verify Fix Applied:

Confirm version is 21.1090.1 or higher in the server administration panel.

📡 Detection & Monitoring

Log Indicators:

  • Unusual file uploads to MagicINFO Server, unexpected process execution, failed authentication attempts

Network Indicators:

  • HTTP POST requests with file uploads to MagicINFO endpoints, outbound connections from MagicINFO Server to unknown IPs

SIEM Query:

source="magicinfo" AND (event="file_upload" OR event="process_execution")
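
One way to triage web access logs for the indicators above, as an added example that is not from the vendor or the original page. It assumes the server or a reverse proxy in front of it writes common log format; the trusted network range, the `/PLACEHOLDER/...` paths and the sample lines are constructed, and the extension list is the one named in the WAF workaround.

```python
import ipaddress
import re
from urllib.parse import urlsplit

# Assumption: networks allowed to reach the server (see "Network Access Control").
TRUSTED_NETS = [ipaddress.ip_network("10.20.0.0/16")]
# Extensions named in the "File Upload Restrictions" workaround.
EXEC_EXTS = (".exe", ".php", ".jsp")
# Common log format: client, ident, user, [time], "request", status, bytes.
LINE_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+) [^"]*" (?P<status>\d{3}) \S+'
)
# Constructed sample lines; the paths are placeholders, not real product endpoints.
SAMPLE_LOG = [
    '10.20.5.7 - - [01/Jan/2026:10:00:00 +0000] "POST /PLACEHOLDER/upload HTTP/1.1" 200 512',
    '203.0.113.9 - - [01/Jan/2026:10:01:00 +0000] "POST /PLACEHOLDER/upload HTTP/1.1" 200 512',
    '203.0.113.9 - - [01/Jan/2026:10:01:05 +0000] "GET /PLACEHOLDER/files/a.jsp?x=1 HTTP/1.1" 200 64',
    '198.51.100.4 - - [01/Jan/2026:10:02:00 +0000] "GET /PLACEHOLDER/files/a.jsp HTTP/1.1" 200 64',
    '198.51.100.4 - - [01/Jan/2026:10:03:00 +0000] "POST /PLACEHOLDER/upload HTTP/1.1" 403 0',
]

def is_trusted(ip):
    try:
        addr = ipaddress.ip_address(ip)
    except ValueError:
        return False  # hostname or garbage in the client field: treat as untrusted
    return any(addr in net for net in TRUSTED_NETS)

def find_suspicious(lines):
    """Return (reason, ip, timestamp, path) tuples in log order."""
    findings, posted = [], set()  # posted: untrusted clients with a successful POST
    for line in lines:
        m = LINE_RE.match(line)
        if not m or is_trusted(m["ip"]):
            continue  # unparseable line or traffic from an allowed network
        ip, ts, method = m["ip"], m["ts"], m["method"]
        # Drop the query string and any ";param" suffix before checking the extension.
        path = urlsplit(m["target"]).path.split(";")[0].lower()
        ok = m["status"].startswith("2")
        if method == "POST" and ok:
            posted.add(ip)
            findings.append(("untrusted-post", ip, ts, path))
        elif method == "GET" and ok and ip in posted and path.endswith(EXEC_EXTS):
            # Heuristic: the same client fetches executable content after posting.
            findings.append(("exec-fetch-after-post", ip, ts, path))
    return findings

if __name__ == "__main__":
    print(*find_suspicious(SAMPLE_LOG), sep="\n")
```

Both finding types are triage leads rather than proof of compromise; correlate them with process-execution events on the host before acting.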
