Critical Samsung MagicINFO Flaw Exploited Days After PoC Release

TL;DR

A high-severity vulnerability in Samsung MagicINFO, identified as CVE-2024-7399, has been exploited by threat actors just days after a proof-of-concept (PoC) exploit was publicly released. The flaw allows unauthenticated attackers to execute arbitrary code with system-level access.

Threat Actors Quickly Exploit Samsung MagicINFO Vulnerability

Threat actors have begun exploiting a high-severity vulnerability in the Samsung MagicINFO content management system (CMS) just days after a proof-of-concept (PoC) exploit was published. This vulnerability, tracked as CVE-2024-7399 with a CVSS score of 8.8, allows attackers to write arbitrary files with system authority due to improper pathname limitations [1].

Vulnerability Details and Impact

CVE-2024-7399 affects Samsung MagicINFO 9 Server versions prior to 21.1050. The flaw enables unauthenticated users to upload JavaServer Pages (JSP) files, leading to remote code execution with system-level access. This vulnerability was first disclosed by Samsung in August 2024, but there were no signs of exploitation until the PoC was released on April 30, 2025 [1].

Arctic Wolf Research Findings

According to a report by Arctic Wolf, the vulnerability allows for arbitrary file writing by unauthenticated users. This can ultimately lead to remote code execution when specially crafted JSP files are written. The ease of exploitation and the public availability of the PoC have led experts to believe that attacks will likely continue [2].

Samsung’s Response and Mitigation

Samsung addressed the vulnerability with the release of MagicINFO 9 Server version 21.1050 in August 2024. However, the public PoC has made it easier for threat actors to exploit this flaw. Arctic Wolf continues to monitor for malicious activities related to this vulnerability and will alert its Managed Detection and Response customers as needed [2].

Expert Warnings and Future Implications

Given the low barrier to exploitation and the availability of a public PoC, threat actors are likely to continue targeting this vulnerability. Organizations using Samsung MagicINFO are urged to update to the latest version to mitigate risks [1].

Pierluigi Paganini

For more details, visit the full article: source

Conclusion

The rapid exploitation of the CVE-2024-7399 vulnerability in Samsung MagicINFO highlights the importance of timely patching and monitoring for cyber threats. Organizations must stay vigilant and proactive in their security measures to protect against such vulnerabilities.

References

  1. Security Affairs (2025). “Threat actors started exploiting a vulnerability in Samsung MagicINFO only days after a PoC exploit was published”. Security Affairs. Retrieved 2025-05-06.

  2. Arctic Wolf (2025). “CVE-2024-7399: Critical Vulnerability in Samsung MagicINFO”. Arctic Wolf. Retrieved 2025-05-06.

This post is licensed under CC BY 4.0 by the author.