Samsung MagicINFO Vulnerability Exploited Days After Public PoC Release
Cybersecurity firm Arctic Wolf has raised an alert over the active exploitation of a critical vulnerability in Samsung’s MagicINFO content management system (CMS), occurring just days after proof-of-concept (PoC) exploit code was publicly released.
The flaw, tracked as CVE-2024-7399 and carrying a CVSS score of 8.8, stems from improper restriction of file path access in MagicINFO 9 Server. The vulnerability allows unauthenticated attackers to write arbitrary files with system-level privileges, potentially leading to remote code execution.
Due to the system’s failure to validate file names, extensions, and user authentication status, threat actors can upload malicious JSP (JavaServer Pages) files, execute server-side code, and gain complete control of the system.
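The three missing checks named above (authentication, file name, extension) are what turn a file upload into an unauthenticated arbitrary write. The following Python sketch, added here as an illustration and not MagicINFO's own code, places the flawed pattern beside a hardened upload-path check; the upload root, extension lists and function names are constructed for the example.

```python
import posixpath

# Constructed upload root for the demonstration (not a MagicINFO path).
UPLOAD_ROOT = "/srv/cms/uploads"

# Server-side page types a servlet container executes rather than serves;
# accepting any of these turns an arbitrary file write into code execution.
EXECUTABLE_EXTENSIONS = {".jsp", ".jspx", ".jspf", ".jsw", ".jsv"}
# Allow-list of content types a signage CMS legitimately stores (constructed).
ALLOWED_EXTENSIONS = {".png", ".jpg", ".jpeg", ".mp4", ".pdf"}


def vulnerable_target_path(filename: str) -> str:
    """Flawed pattern: the client-supplied name is joined to the upload
    directory as-is, so '../' segments escape it and '.jsp' is accepted."""
    return posixpath.normpath(posixpath.join(UPLOAD_ROOT, filename))


def escapes_root(path: str) -> bool:
    """True when a resolved path lies outside UPLOAD_ROOT."""
    return posixpath.commonpath([UPLOAD_ROOT, path]) != UPLOAD_ROOT


def hardened_target_path(filename: str, authenticated: bool) -> str:
    """Apply, in order, the checks the advisory says were missing."""
    if not authenticated:
        raise PermissionError("upload requires an authenticated session")

    # Keep only the final path component; treat both separator styles alike.
    base = filename.replace("\\", "/").rsplit("/", 1)[-1]
    if base in ("", ".", "..") or "\x00" in base:
        raise ValueError("invalid file name")

    # Allow-list the extension; executable server-side types never pass.
    ext = posixpath.splitext(base)[1].lower()
    if ext in EXECUTABLE_EXTENSIONS or ext not in ALLOWED_EXTENSIONS:
        raise ValueError(f"extension not permitted: {ext or '(none)'}")

    # Normalize and confirm the result is still inside the upload root.
    target = posixpath.normpath(posixpath.join(UPLOAD_ROOT, base))
    if escapes_root(target):
        raise ValueError("path escapes upload directory")
    return target
```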
“The vulnerability enables arbitrary file writes without authentication and can result in remote code execution when specially crafted JSP files are uploaded,” said Arctic Wolf researchers.
Samsung addressed the issue in MagicINFO 9 Server version 21.1050, released in August 2024, but did not publicly acknowledge any exploitation at the time.
However, Arctic Wolf observed in-the-wild attacks beginning shortly after the PoC and technical analysis were published online on April 30, 2025.
“With the low complexity of the exploit and readily available PoC code, this vulnerability will likely remain a target for threat actors,” Arctic Wolf warned.
MagicINFO is a comprehensive platform used for content creation, device management, and data monitoring across networked displays. Given the severity of this flaw, organizations are strongly urged to upgrade to version 21.1050 or later immediately to mitigate risk.