Vulnerabilites related to Samsung Electronics - DMS(Data Management Server)
CVE-2025-53077 (GCVE-0-2025-53077)
Vulnerability from cvelistv5
Published
2025-07-29 05:03
Modified
2025-07-29 15:06
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-698 - Execution After Redirect (EAR)
Summary
An execution after redirect in Samsung DMS(Data Management Server) allows attackers to execute limited functions without permissions. An attacker could compromise the integrity of the platform by executing this vulnerability.
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Samsung Electronics | DMS(Data Management Server) |
Version: 2.0.0 < 2.3.13.1 Version: 2.5.0.17 < 2.6.14.1 Version: 2.7.0.15 < 2.9.3.6 |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-53077",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-07-29T15:06:15.557705Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-07-29T15:06:50.737Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "DMS(Data Management Server)",
"vendor": "Samsung Electronics",
"versions": [
{
"lessThan": "2.3.13.1",
"status": "affected",
"version": "2.0.0",
"versionType": "custom"
},
{
"lessThan": "2.6.14.1",
"status": "affected",
"version": "2.5.0.17",
"versionType": "custom"
},
{
"lessThan": "2.9.3.6",
"status": "affected",
"version": "2.7.0.15",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Noam Moshe of Claroty Team82"
}
],
"datePublic": "2025-07-29T05:00:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "An execution after redirect in Samsung DMS(Data Management Server) allows attackers to execute limited functions without permissions. An attacker could compromise the integrity of the platform by executing this vulnerability."
}
],
"value": "An execution after redirect in Samsung DMS(Data Management Server) allows attackers to execute limited functions without permissions. An attacker could compromise the integrity of the platform by executing this vulnerability."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-698",
"description": "CWE-698 Execution After Redirect (EAR)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-07-29T05:03:41.034Z",
"orgId": "ca193ba2-0cff-4e34-b04e-1ea07103c6fe",
"shortName": "samsung.tv_appliance"
},
"references": [
{
"url": "https://security.samsungda.com/securityUpdates.html"
}
],
"source": {
"discovery": "UNKNOWN"
},
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "ca193ba2-0cff-4e34-b04e-1ea07103c6fe",
"assignerShortName": "samsung.tv_appliance",
"cveId": "CVE-2025-53077",
"datePublished": "2025-07-29T05:03:41.034Z",
"dateReserved": "2025-06-24T23:17:22.556Z",
"dateUpdated": "2025-07-29T15:06:50.737Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}