The exploitation of a high-severity vulnerability in the Samsung MagicINFO content management system (CMS) began within days after proof-of-concept (PoC) exploit code targeting it was made public, cybersecurity firm Arctic Wolf warns.
Tracked as CVE-2024-7399 (CVSS score of 8.8), the issue is described as an “improper limitation of a pathname to a restricted directory vulnerability in Samsung MagicINFO 9 Server” that could be exploited to write arbitrary files with system privileges.
Because the CMS does not properly sanitize a filename input, failing to validate the file extension and whether the user is authenticated, an unauthenticated attacker could upload JSP files and execute arbitrary server-side code with system privileges.
“The vulnerability allows for arbitrary file writing by unauthenticated users, and may ultimately lead to remote code execution when the vulnerability is used to write specially crafted JavaServer Pages (JSP) files,” Arctic Wolf notes.
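The three missing checks described above (authentication, file extension, and confinement of the filename to the upload directory) can be illustrated with a short server-side validator. This is an added example, not Samsung's code or its patch; the function name, the allowed-extension policy and the sample filenames in the comments are assumptions made for illustration.

```python
import os
from pathlib import Path, PureWindowsPath

# Assumed policy for illustration: only static media types may be uploaded.
ALLOWED_EXTENSIONS = {".png", ".jpg", ".jpeg", ".mp4"}


class UploadRejected(Exception):
    """Raised when an upload request fails one of the checks."""


def resolve_upload_path(upload_root, client_filename, authenticated):
    """Return a safe destination path for an upload, or raise UploadRejected."""
    # 1. Authentication is enforced before the filename is parsed at all.
    if not authenticated:
        raise UploadRejected("authentication required")

    # 2. Discard any directory part the client sent. PureWindowsPath treats
    #    both "/" and "\" as separators, so "../../x" and "..\..\x" become "x".
    name = PureWindowsPath(client_filename).name
    # Windows ignores trailing dots and spaces when it creates the file,
    # so normalize them away before any further check.
    name = name.rstrip(". ")
    if not name or ":" in name or "\x00" in name:
        raise UploadRejected("invalid filename")

    # 3. Allowlist the extension (case-insensitive); ".jsp" is never accepted.
    ext = os.path.splitext(name)[1].lower()
    if ext not in ALLOWED_EXTENSIONS:
        raise UploadRejected("extension not allowed: %r" % ext)

    # 4. Resolve the final path and confirm it is still inside the root,
    #    as defense in depth should step 2 ever be bypassed.
    root = Path(upload_root).resolve()
    dest = (root / name).resolve()
    if root not in dest.parents:
        raise UploadRejected("path escapes upload directory")
    return dest
```
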
Samsung patched the security defect in MagicINFO 9 Server version 21.1050, which was released in August 2024.
While the company has made no mention of the flaw’s exploitation, Arctic Wolf noticed it being targeted in the wild after a technical writeup and PoC code were published on April 30, 2025.
“Given the low barrier to exploitation and the availability of a public PoC, threat actors are likely to continue targeting this vulnerability,” the cybersecurity firm notes.
Organizations and end-users are advised to update to MagicINFO 9 Server version 21.1050 or newer as soon as possible.
An all-in-one solution for content, device, and data management, MagicINFO can be used to create and distribute content to an organization’s linked displays, as well as to remotely manage and secure the displays.