CVE Daily

CVE-2025-54445

Improper Restriction of XML External Entity Reference vulnerability in Samsung E...

High CVSS 8.2

Overview

Improper Restriction of XML External Entity Reference vulnerability in Samsung Electronics MagicINFO 9 Server allows Server Side Request Forgery.This issue affects MagicINFO 9 Server: less than 21.1080.0.

CWE: CWE-611 Published: 2025-07-23T06:15:26.643
Risk analysis

This vulnerability is rated 🟠 HIGH.

  • CVSS: 8.2 (HIGH)
  • Detected tags: ssrf, xxe (tag impact: MODERATE)

Recommended actions:

  • Deny access to internal/metadata addresses; use outbound allowlists.
  • Disable external entities in XML parsers; use safe libraries.

Recommended tools

Tags