Securityaffairs


U.S. CISA adds a Samsung MagicINFO 9 Server flaw to its Known Exploited Vulnerabilities catalog

  • The U.S. Cybersecurity and Infrastructure Security Agency (CISA) added a Samsung MagicINFO 9 Server vulnerability, tracked as CVE-2025-4632 (CVSS score of 9.8), to its Known Exploited Vulnerabilities (KEV) catalog.
  • The flaw is an improper limitation of a pathname to a restricted directory (path traversal) that affects Samsung MagicINFO 9 Server versions before 21.1052 and allows attackers to write arbitrary files with system authority.
  • Under Binding Operational Directive (BOD) 22-01, Federal Civilian Executive Branch (FCEB) agencies must address the identified vulnerabilities by June 12, 2025; private organizations are urged to review the catalog and address the vulnerabilities in their infrastructure.
  • This week, CISA also added Ivanti EPMM, MDaemon Email Server, Srimax Output Messenger, Zimbra Collaboration, and ZKTeco BioTime flaws to its Known Exploited Vulnerabilities catalog.
