CVE Daily

CVE-2025-54438

Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') v...

Critical CVSS 9.8

Overview

Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in Samsung Electronics MagicINFO 9 Server allows Upload a Web Shell to a Web Server.This issue affects MagicINFO 9 Server: less than 21.1080.0

CWE: CWE-22 Published: 2025-07-23T06:15:24.167
Risk analysis

This vulnerability is rated 🔴 CRITICAL.

  • CVSS: 9.8 (CRITICAL)
  • Detected tags: path (tag impact: MODERATE)

Recommended actions:

  • Canonicalize path; block `..` traversal; use allowlists.

Recommended tools

Tags