Follow-Up: Samsung Patches Zero-Day Vulnerability in MagicINFO 9 Server (CVE-2025-4632)

Arctic Wolf reports a high-severity path traversal zero-day (CVE-2025-4632) in Samsung MagicINFO 9 Server that permits unauthenticated arbitrary file writes and possible RCE; PoC exploits and related suspicious activity were observed in the wild. Samsung released fixes (version 21.1052) on May 13, 2025, and Arctic Wolf recommends applying the update and removing any internet-exposed MagicINFO 9 instances while monitoring for post-compromise activity.