Vulnerabilities related to samsung - data_management_server
CVE-2025-53078 (GCVE-0-2025-53078)
Vulnerability from cvelistv5
Published
2025-07-29 05:04
Modified
2025-07-29 15:02
CWE
- CWE-502 - Deserialization of Untrusted Data
Summary
Deserialization of Untrusted Data in Samsung DMS(Data Management Server) allows attackers to execute arbitrary code via write file to system
References
Impacted products
Vendor | Product | Version | ||
---|---|---|---|---|
Samsung Electronics | Data Management Server |
Version: 2.0.0 < 2.3.13.1 Version: 2.5.0.17 < 2.6.14.1 Version: 2.7.0.15 < 2.9.3.6 |
{ "containers": { "adp": [ { "metrics": [ { "other": { "content": { "id": "CVE-2025-53078", "options": [ { "Exploitation": "none" }, { "Automatable": "no" }, { "Technical Impact": "total" } ], "role": "CISA Coordinator", "timestamp": "2025-07-29T15:01:11.042631Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2025-07-29T15:02:48.207Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" } ], "cna": { "affected": [ { "defaultStatus": "unaffected", "product": "Data Management Server", "vendor": "Samsung Electronics", "versions": [ { "lessThan": "2.3.13.1", "status": "affected", "version": "2.0.0", "versionType": "custom" }, { "lessThan": "2.6.14.1", "status": "affected", "version": "2.5.0.17", "versionType": "custom" }, { "lessThan": "2.9.3.6", "status": "affected", "version": "2.7.0.15", "versionType": "custom" } ] } ], "credits": [ { "lang": "en", "type": "finder", "value": "Noam Moshe of Claroty Team82" } ], "datePublic": "2025-07-29T03:00:00.000Z", "descriptions": [ { "lang": "en", "supportingMedia": [ { "base64": false, "type": "text/html", "value": "Deserialization of Untrusted Data in Samsung DMS(Data Management Server) allows attackers to execute arbitrary code via write file to system" } ], "value": "Deserialization of Untrusted Data in Samsung DMS(Data Management Server) allows attackers to execute arbitrary code via write file to system" } ], "metrics": [ { "cvssV3_1": { "attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "HIGH", "scope": "CHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H", "version": "3.1" }, "format": "CVSS", "scenarios": [ { "lang": "en", "value": "GENERAL" } ] } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-502", "description": 
"CWE-502 Deserialization of Untrusted Data", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2025-07-29T05:04:18.477Z", "orgId": "ca193ba2-0cff-4e34-b04e-1ea07103c6fe", "shortName": "samsung.tv_appliance" }, "references": [ { "url": "https://security.samsungda.com/securityUpdates.html" } ], "source": { "discovery": "UNKNOWN" }, "x_generator": { "engine": "Vulnogram 0.2.0" } } }, "cveMetadata": { "assignerOrgId": "ca193ba2-0cff-4e34-b04e-1ea07103c6fe", "assignerShortName": "samsung.tv_appliance", "cveId": "CVE-2025-53078", "datePublished": "2025-07-29T05:04:18.477Z", "dateReserved": "2025-06-24T23:17:22.556Z", "dateUpdated": "2025-07-29T15:02:48.207Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2025-53080 (GCVE-0-2025-53080)
Vulnerability from cvelistv5
Published
2025-07-29 05:05
Modified
2025-07-29 14:44
CWE
- CWE-22 - Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
Summary
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') in Samsung DMS(Data Management Server) allows authenticated attackers to create arbitrary files in unintended locations on the filesystem
References
Impacted products
Vendor | Product | Version | ||
---|---|---|---|---|
Samsung Electronics | Data Management Server |
Version: 2.0.0 < 2.3.13.1 Version: 2.5.0.17 < 2.6.14.1 Version: 2.7.0.15 < 2.9.3.6 |
{ "containers": { "adp": [ { "metrics": [ { "other": { "content": { "id": "CVE-2025-53080", "options": [ { "Exploitation": "none" }, { "Automatable": "no" }, { "Technical Impact": "partial" } ], "role": "CISA Coordinator", "timestamp": "2025-07-29T14:44:19.342107Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2025-07-29T14:44:48.824Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" } ], "cna": { "affected": [ { "defaultStatus": "unaffected", "product": "Data Management Server", "vendor": "Samsung Electronics", "versions": [ { "lessThan": "2.3.13.1", "status": "affected", "version": "2.0.0", "versionType": "custom" }, { "lessThan": "2.6.14.1", "status": "affected", "version": "2.5.0.17", "versionType": "custom" }, { "lessThan": "2.9.3.6", "status": "affected", "version": "2.7.0.15", "versionType": "custom" } ] } ], "credits": [ { "lang": "en", "type": "finder", "value": "Noam Moshe of Claroty Team82" } ], "datePublic": "2025-07-29T03:00:00.000Z", "descriptions": [ { "lang": "en", "supportingMedia": [ { "base64": false, "type": "text/html", "value": "Improper Limitation of a Pathname to a Restricted Directory (\u0027Path Traversal\u0027) in Samsung DMS(Data Management Server) allows authenticated attackers to create arbitrary files in unintended locations on the filesystem" } ], "value": "Improper Limitation of a Pathname to a Restricted Directory (\u0027Path Traversal\u0027) in Samsung DMS(Data Management Server) allows authenticated attackers to create arbitrary files in unintended locations on the filesystem" } ], "metrics": [ { "cvssV3_1": { "attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.1, "baseSeverity": "HIGH", "confidentialityImpact": "LOW", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:H/A:H", 
"version": "3.1" }, "format": "CVSS", "scenarios": [ { "lang": "en", "value": "GENERAL" } ] } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-22", "description": "CWE-22 Improper Limitation of a Pathname to a Restricted Directory (\u0027Path Traversal\u0027)", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2025-07-29T05:05:14.690Z", "orgId": "ca193ba2-0cff-4e34-b04e-1ea07103c6fe", "shortName": "samsung.tv_appliance" }, "references": [ { "url": "https://security.samsungda.com/securityUpdates.html" } ], "source": { "discovery": "UNKNOWN" }, "x_generator": { "engine": "Vulnogram 0.2.0" } } }, "cveMetadata": { "assignerOrgId": "ca193ba2-0cff-4e34-b04e-1ea07103c6fe", "assignerShortName": "samsung.tv_appliance", "cveId": "CVE-2025-53080", "datePublished": "2025-07-29T05:05:14.690Z", "dateReserved": "2025-06-24T23:17:22.557Z", "dateUpdated": "2025-07-29T14:44:48.824Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2025-53082 (GCVE-0-2025-53082)
Vulnerability from cvelistv5
Published
2025-07-29 05:08
Modified
2025-07-29 14:37
CWE
- CWE-23 - Relative Path Traversal
Summary
An 'Arbitrary File Deletion' in Samsung DMS(Data Management Server) allows attackers to delete arbitrary files from unintended locations on the filesystem. Exploitation is restricted to specific, authorized private IP addresses.
References
Impacted products
Vendor | Product | Version | ||
---|---|---|---|---|
Samsung Electronics | Data Management Server |
Version: 2.0.0 < 2.3.13.1 Version: 2.5.0.17 < 2.6.14.1 Version: 2.7.0.15 < 2.9.3.6 |
{ "containers": { "adp": [ { "metrics": [ { "other": { "content": { "id": "CVE-2025-53082", "options": [ { "Exploitation": "none" }, { "Automatable": "no" }, { "Technical Impact": "partial" } ], "role": "CISA Coordinator", "timestamp": "2025-07-29T14:37:17.859033Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2025-07-29T14:37:47.223Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" } ], "cna": { "affected": [ { "defaultStatus": "unaffected", "product": "Data Management Server", "vendor": "Samsung Electronics", "versions": [ { "lessThan": "2.3.13.1", "status": "affected", "version": "2.0.0", "versionType": "custom" }, { "lessThan": "2.6.14.1", "status": "affected", "version": "2.5.0.17", "versionType": "custom" }, { "lessThan": "2.9.3.6", "status": "affected", "version": "2.7.0.15", "versionType": "custom" } ] } ], "credits": [ { "lang": "en", "type": "finder", "value": "Noam Moshe of Claroty Team82" } ], "datePublic": "2025-07-29T03:00:00.000Z", "descriptions": [ { "lang": "en", "supportingMedia": [ { "base64": false, "type": "text/html", "value": "An \u0027Arbitrary File Deletion\u0027 in Samsung DMS(Data Management Server) allows attackers to delete arbitrary files from unintended locations on the filesystem. Exploitation is restricted to specific, authorized private IP addresses." } ], "value": "An \u0027Arbitrary File Deletion\u0027 in Samsung DMS(Data Management Server) allows attackers to delete arbitrary files from unintended locations on the filesystem. Exploitation is restricted to specific, authorized private IP addresses." 
} ], "metrics": [ { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "PHYSICAL", "availabilityImpact": "HIGH", "baseScore": 6.1, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H", "version": "3.1" }, "format": "CVSS", "scenarios": [ { "lang": "en", "value": "GENERAL" } ] } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-23", "description": "CWE-23 Relative Path Traversal", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2025-07-29T05:08:25.846Z", "orgId": "ca193ba2-0cff-4e34-b04e-1ea07103c6fe", "shortName": "samsung.tv_appliance" }, "references": [ { "url": "https://security.samsungda.com/securityUpdates.html" } ], "source": { "discovery": "UNKNOWN" }, "x_generator": { "engine": "Vulnogram 0.2.0" } } }, "cveMetadata": { "assignerOrgId": "ca193ba2-0cff-4e34-b04e-1ea07103c6fe", "assignerShortName": "samsung.tv_appliance", "cveId": "CVE-2025-53082", "datePublished": "2025-07-29T05:08:25.846Z", "dateReserved": "2025-06-24T23:17:22.557Z", "dateUpdated": "2025-07-29T14:37:47.223Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2010-4284 (GCVE-0-2010-4284)
Vulnerability from cvelistv5
Published
2011-05-09 22:00
Modified
2024-09-16 18:18
CWE
- n/a
Summary
SQL injection vulnerability in the authentication form in the integrated web server in the Data Management Server (DMS) before 1.4.3 in Samsung Integrated Management System allows remote attackers to execute arbitrary SQL commands via unspecified vectors.
References
► | URL | Tags | ||||||
---|---|---|---|---|---|---|---|---|
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-07T03:43:14.264Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "VU#236668", "tags": [ "third-party-advisory", "x_refsource_CERT-VN", "x_transferred" ], "url": "http://www.kb.cert.org/vuls/id/236668" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "http://www.us-cert.gov/control_systems/pdf/ICSA-11-069-01.pdf" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "descriptions": [ { "lang": "en", "value": "SQL injection vulnerability in the authentication form in the integrated web server in the Data Management Server (DMS) before 1.4.3 in Samsung Integrated Management System allows remote attackers to execute arbitrary SQL commands via unspecified vectors." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2011-05-09T22:00:00Z", "orgId": "37e5125f-f79b-445b-8fad-9564f167944b", "shortName": "certcc" }, "references": [ { "name": "VU#236668", "tags": [ "third-party-advisory", "x_refsource_CERT-VN" ], "url": "http://www.kb.cert.org/vuls/id/236668" }, { "tags": [ "x_refsource_MISC" ], "url": "http://www.us-cert.gov/control_systems/pdf/ICSA-11-069-01.pdf" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cert@cert.org", "ID": "CVE-2010-4284", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "SQL injection vulnerability in the authentication form in the integrated web server in the Data Management Server (DMS) before 1.4.3 in 
Samsung Integrated Management System allows remote attackers to execute arbitrary SQL commands via unspecified vectors." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "VU#236668", "refsource": "CERT-VN", "url": "http://www.kb.cert.org/vuls/id/236668" }, { "name": "http://www.us-cert.gov/control_systems/pdf/ICSA-11-069-01.pdf", "refsource": "MISC", "url": "http://www.us-cert.gov/control_systems/pdf/ICSA-11-069-01.pdf" } ] } } } }, "cveMetadata": { "assignerOrgId": "37e5125f-f79b-445b-8fad-9564f167944b", "assignerShortName": "certcc", "cveId": "CVE-2010-4284", "datePublished": "2011-05-09T22:00:00Z", "dateReserved": "2010-11-17T00:00:00Z", "dateUpdated": "2024-09-16T18:18:07.588Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2025-53081 (GCVE-0-2025-53081)
Vulnerability from cvelistv5
Published
2025-07-29 05:06
Modified
2025-07-29 14:39
CWE
- CWE-22 - Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
Summary
An 'Arbitrary File Creation' in Samsung DMS(Data Management Server) allows attackers to create arbitrary files in unintended locations on the filesystem. Exploitation is restricted to specific, authorized private IP addresses.
References
Impacted products
Vendor | Product | Version | ||
---|---|---|---|---|
Samsung Electronics | Data Management Server |
Version: 2.0.0 < 2.3.13.1 Version: 2.5.0.17 < 2.6.14.1 Version: 2.7.0.15 < 2.9.3.6 |
{ "containers": { "adp": [ { "metrics": [ { "other": { "content": { "id": "CVE-2025-53081", "options": [ { "Exploitation": "none" }, { "Automatable": "no" }, { "Technical Impact": "partial" } ], "role": "CISA Coordinator", "timestamp": "2025-07-29T14:38:37.870302Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2025-07-29T14:39:26.258Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" } ], "cna": { "affected": [ { "defaultStatus": "unaffected", "product": "Data Management Server", "vendor": "Samsung Electronics", "versions": [ { "lessThan": "2.3.13.1", "status": "affected", "version": "2.0.0", "versionType": "custom" }, { "lessThan": "2.6.14.1", "status": "affected", "version": "2.5.0.17", "versionType": "custom" }, { "lessThan": "2.9.3.6", "status": "affected", "version": "2.7.0.15", "versionType": "custom" } ] } ], "credits": [ { "lang": "en", "type": "finder", "value": "Noam Moshe of Claroty Team82" } ], "datePublic": "2025-07-29T03:00:00.000Z", "descriptions": [ { "lang": "en", "supportingMedia": [ { "base64": false, "type": "text/html", "value": "An \u0027Arbitrary File Creation\u0027 in Samsung DMS(Data Management Server) allows attackers to create arbitrary files in unintended locations on the filesystem. Exploitation is restricted to specific, authorized private IP addresses." } ], "value": "An \u0027Arbitrary File Creation\u0027 in Samsung DMS(Data Management Server) allows attackers to create arbitrary files in unintended locations on the filesystem. Exploitation is restricted to specific, authorized private IP addresses." 
} ], "metrics": [ { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "PHYSICAL", "availabilityImpact": "HIGH", "baseScore": 6.4, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:L/I:H/A:H", "version": "3.1" }, "format": "CVSS", "scenarios": [ { "lang": "en", "value": "GENERAL" } ] } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-22", "description": "CWE-22 Improper Limitation of a Pathname to a Restricted Directory (\u0027Path Traversal\u0027)", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2025-07-29T05:08:56.100Z", "orgId": "ca193ba2-0cff-4e34-b04e-1ea07103c6fe", "shortName": "samsung.tv_appliance" }, "references": [ { "url": "https://security.samsungda.com/securityUpdates.html" } ], "source": { "discovery": "UNKNOWN" }, "x_generator": { "engine": "Vulnogram 0.2.0" } } }, "cveMetadata": { "assignerOrgId": "ca193ba2-0cff-4e34-b04e-1ea07103c6fe", "assignerShortName": "samsung.tv_appliance", "cveId": "CVE-2025-53081", "datePublished": "2025-07-29T05:06:47.194Z", "dateReserved": "2025-06-24T23:17:22.557Z", "dateUpdated": "2025-07-29T14:39:26.258Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2025-53077 (GCVE-0-2025-53077)
Vulnerability from cvelistv5
Published
2025-07-29 05:03
Modified
2025-07-29 15:06
CWE
- CWE-698 - Execution After Redirect (EAR)
Summary
An execution after redirect in Samsung DMS(Data Management Server) allows attackers to execute limited functions without permissions. An attacker could compromise the integrity of the platform by executing this vulnerability.
References
Impacted products
Vendor | Product | Version | ||
---|---|---|---|---|
Samsung Electronics | DMS(Data Management Server) |
Version: 2.0.0 < 2.3.13.1 Version: 2.5.0.17 < 2.6.14.1 Version: 2.7.0.15 < 2.9.3.6 |
{ "containers": { "adp": [ { "metrics": [ { "other": { "content": { "id": "CVE-2025-53077", "options": [ { "Exploitation": "none" }, { "Automatable": "yes" }, { "Technical Impact": "partial" } ], "role": "CISA Coordinator", "timestamp": "2025-07-29T15:06:15.557705Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2025-07-29T15:06:50.737Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" } ], "cna": { "affected": [ { "defaultStatus": "unaffected", "product": "DMS(Data Management Server)", "vendor": "Samsung Electronics", "versions": [ { "lessThan": "2.3.13.1", "status": "affected", "version": "2.0.0", "versionType": "custom" }, { "lessThan": "2.6.14.1", "status": "affected", "version": "2.5.0.17", "versionType": "custom" }, { "lessThan": "2.9.3.6", "status": "affected", "version": "2.7.0.15", "versionType": "custom" } ] } ], "credits": [ { "lang": "en", "type": "finder", "value": "Noam Moshe of Claroty Team82" } ], "datePublic": "2025-07-29T05:00:00.000Z", "descriptions": [ { "lang": "en", "supportingMedia": [ { "base64": false, "type": "text/html", "value": "An execution after redirect in Samsung DMS(Data Management Server) allows attackers to execute limited functions without permissions. An attacker could compromise the integrity of the platform by executing this vulnerability." } ], "value": "An execution after redirect in Samsung DMS(Data Management Server) allows attackers to execute limited functions without permissions. An attacker could compromise the integrity of the platform by executing this vulnerability." 
} ], "metrics": [ { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "LOW", "baseScore": 6.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L", "version": "3.1" }, "format": "CVSS", "scenarios": [ { "lang": "en", "value": "GENERAL" } ] } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-698", "description": "CWE-698 Execution After Redirect (EAR)", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2025-07-29T05:03:41.034Z", "orgId": "ca193ba2-0cff-4e34-b04e-1ea07103c6fe", "shortName": "samsung.tv_appliance" }, "references": [ { "url": "https://security.samsungda.com/securityUpdates.html" } ], "source": { "discovery": "UNKNOWN" }, "x_generator": { "engine": "Vulnogram 0.2.0" } } }, "cveMetadata": { "assignerOrgId": "ca193ba2-0cff-4e34-b04e-1ea07103c6fe", "assignerShortName": "samsung.tv_appliance", "cveId": "CVE-2025-53077", "datePublished": "2025-07-29T05:03:41.034Z", "dateReserved": "2025-06-24T23:17:22.556Z", "dateUpdated": "2025-07-29T15:06:50.737Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2025-53079 (GCVE-0-2025-53079)
Vulnerability from cvelistv5
Published
2025-07-29 05:04
Modified
2025-07-29 14:51
CWE
- CWE-36 - Absolute Path Traversal
Summary
Absolute Path Traversal in Samsung DMS(Data Management Server) allows authenticated attacker (Administrator) to read sensitive files
References
Impacted products
Vendor | Product | Version | ||
---|---|---|---|---|
Samsung Electronics | Data Management Server |
Version: 2.0.0 < 2.3.13.1 Version: 2.5.0.17 < 2.6.14.1 Version: 2.7.0.15 < 2.9.3.6 |
{ "containers": { "adp": [ { "metrics": [ { "other": { "content": { "id": "CVE-2025-53079", "options": [ { "Exploitation": "none" }, { "Automatable": "no" }, { "Technical Impact": "partial" } ], "role": "CISA Coordinator", "timestamp": "2025-07-29T14:49:55.925035Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2025-07-29T14:51:16.460Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" } ], "cna": { "affected": [ { "defaultStatus": "unaffected", "product": "Data Management Server", "vendor": "Samsung Electronics", "versions": [ { "lessThan": "2.3.13.1", "status": "affected", "version": "2.0.0", "versionType": "custom" }, { "lessThan": "2.6.14.1", "status": "affected", "version": "2.5.0.17", "versionType": "custom" }, { "lessThan": "2.9.3.6", "status": "affected", "version": "2.7.0.15", "versionType": "custom" } ] } ], "credits": [ { "lang": "en", "type": "finder", "value": "Noam Moshe of Claroty Team82" } ], "datePublic": "2025-07-29T03:00:00.000Z", "descriptions": [ { "lang": "en", "supportingMedia": [ { "base64": false, "type": "text/html", "value": "Absolute Path Traversal in Samsung DMS(Data Management Server) allows authenticated attacker (Administrator) to read sensitive files" } ], "value": "Absolute Path Traversal in Samsung DMS(Data Management Server) allows authenticated attacker (Administrator) to read sensitive files" } ], "metrics": [ { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 4.9, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "HIGH", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N", "version": "3.1" }, "format": "CVSS", "scenarios": [ { "lang": "en", "value": "GENERAL" } ] } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-36", "description": "CWE-36 
Absolute Path Traversal", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2025-07-29T05:04:48.482Z", "orgId": "ca193ba2-0cff-4e34-b04e-1ea07103c6fe", "shortName": "samsung.tv_appliance" }, "references": [ { "url": "https://security.samsungda.com/securityUpdates.html" } ], "source": { "discovery": "UNKNOWN" }, "x_generator": { "engine": "Vulnogram 0.2.0" } } }, "cveMetadata": { "assignerOrgId": "ca193ba2-0cff-4e34-b04e-1ea07103c6fe", "assignerShortName": "samsung.tv_appliance", "cveId": "CVE-2025-53079", "datePublished": "2025-07-29T05:04:48.482Z", "dateReserved": "2025-06-24T23:17:22.556Z", "dateUpdated": "2025-07-29T14:51:16.460Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2025-53078 - Vulnerability from fkie_nvd
Published
2025-07-29 05:15
Modified
2025-08-11 19:05
Severity ?
8.0 (High) - CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H (source: PSIRT@samsung.com, Secondary)
9.8 (Critical) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H (source: nvd@nist.gov, Primary)
Summary
Deserialization of Untrusted Data in Samsung DMS(Data Management Server) allows attackers to execute arbitrary code via write file to system
References
▶ | URL | Tags | |
---|---|---|---|
PSIRT@samsung.com | https://security.samsungda.com/securityUpdates.html | Vendor Advisory |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
samsung | data_management_server_firmware | * | |
samsung | data_management_server_firmware | * | |
samsung | data_management_server_firmware | * | |
samsung | data_management_server | - |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:samsung:data_management_server_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "620C0889-6BB6-477F-BBB3-F23A81F81254", "versionEndExcluding": "2.3.13.1", "versionStartIncluding": "2.0.0", "vulnerable": true }, { "criteria": "cpe:2.3:o:samsung:data_management_server_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "E2362518-8040-4FFD-9567-DC22015DD7EB", "versionEndExcluding": "2.6.14.1", "versionStartIncluding": "2.5.0.17", "vulnerable": true }, { "criteria": "cpe:2.3:o:samsung:data_management_server_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "51C84E33-C218-4A9A-B0F0-3B4DA1E90AA5", "versionEndExcluding": "2.9.3.6", "versionStartIncluding": "2.7.0.15", "vulnerable": true } ], "negate": false, "operator": "OR" }, { "cpeMatch": [ { "criteria": "cpe:2.3:h:samsung:data_management_server:-:*:*:*:*:*:*:*", "matchCriteriaId": "BFF4DB9B-396F-428D-BCDD-F2DE7AF45884", "vulnerable": false } ], "negate": false, "operator": "OR" } ], "operator": "AND" } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "Deserialization of Untrusted Data in Samsung DMS(Data Management Server) allows attackers to execute arbitrary code via write file to system" }, { "lang": "es", "value": "La deserializaci\u00f3n de datos no confiables en Samsung DMS(Data Management Server) permite a los atacantes ejecutar c\u00f3digo arbitrario mediante la escritura de archivos en el sistema." 
} ], "id": "CVE-2025-53078", "lastModified": "2025-08-11T19:05:57.580", "metrics": { "cvssMetricV31": [ { "cvssData": { "attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.0, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "HIGH", "scope": "CHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H", "version": "3.1" }, "exploitabilityScore": 1.3, "impactScore": 6.0, "source": "PSIRT@samsung.com", "type": "Secondary" }, { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.8, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, "exploitabilityScore": 3.9, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2025-07-29T05:15:31.817", "references": [ { "source": "PSIRT@samsung.com", "tags": [ "Vendor Advisory" ], "url": "https://security.samsungda.com/securityUpdates.html" } ], "sourceIdentifier": "PSIRT@samsung.com", "vulnStatus": "Analyzed", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-502" } ], "source": "PSIRT@samsung.com", "type": "Secondary" } ] }
CVE-2025-53082 - Vulnerability from fkie_nvd
Published
2025-07-29 06:15
Modified
2025-08-11 19:11
Severity ?
6.1 (Medium) - CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H (source: PSIRT@samsung.com, Secondary)
9.1 (Critical) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H (source: nvd@nist.gov, Primary)
Summary
An 'Arbitrary File Deletion' in Samsung DMS(Data Management Server) allows attackers to delete arbitrary files from unintended locations on the filesystem. Exploitation is restricted to specific, authorized private IP addresses.
References
▶ | URL | Tags | |
---|---|---|---|
PSIRT@samsung.com | https://security.samsungda.com/securityUpdates.html | Vendor Advisory |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
samsung | data_management_server_firmware | * | |
samsung | data_management_server_firmware | * | |
samsung | data_management_server_firmware | * | |
samsung | data_management_server | - |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:samsung:data_management_server_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "620C0889-6BB6-477F-BBB3-F23A81F81254", "versionEndExcluding": "2.3.13.1", "versionStartIncluding": "2.0.0", "vulnerable": true }, { "criteria": "cpe:2.3:o:samsung:data_management_server_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "E2362518-8040-4FFD-9567-DC22015DD7EB", "versionEndExcluding": "2.6.14.1", "versionStartIncluding": "2.5.0.17", "vulnerable": true }, { "criteria": "cpe:2.3:o:samsung:data_management_server_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "51C84E33-C218-4A9A-B0F0-3B4DA1E90AA5", "versionEndExcluding": "2.9.3.6", "versionStartIncluding": "2.7.0.15", "vulnerable": true } ], "negate": false, "operator": "OR" }, { "cpeMatch": [ { "criteria": "cpe:2.3:h:samsung:data_management_server:-:*:*:*:*:*:*:*", "matchCriteriaId": "BFF4DB9B-396F-428D-BCDD-F2DE7AF45884", "vulnerable": false } ], "negate": false, "operator": "OR" } ], "operator": "AND" } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "An \u0027Arbitrary File Deletion\u0027 in Samsung DMS(Data Management Server) allows attackers to delete arbitrary files from unintended locations on the filesystem. Exploitation is restricted to specific, authorized private IP addresses." }, { "lang": "es", "value": "Una \"Eliminaci\u00f3n arbitraria de archivos\" en Samsung DMS(Data Management Server) permite a los atacantes eliminar archivos arbitrarios de ubicaciones no deseadas en el sistema de archivos. La explotaci\u00f3n est\u00e1 restringida a direcciones IP privadas espec\u00edficas y autorizadas." 
} ], "id": "CVE-2025-53082", "lastModified": "2025-08-11T19:11:12.310", "metrics": { "cvssMetricV31": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "PHYSICAL", "availabilityImpact": "HIGH", "baseScore": 6.1, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H", "version": "3.1" }, "exploitabilityScore": 0.9, "impactScore": 5.2, "source": "PSIRT@samsung.com", "type": "Secondary" }, { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.1, "baseSeverity": "CRITICAL", "confidentialityImpact": "NONE", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H", "version": "3.1" }, "exploitabilityScore": 3.9, "impactScore": 5.2, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2025-07-29T06:15:23.710", "references": [ { "source": "PSIRT@samsung.com", "tags": [ "Vendor Advisory" ], "url": "https://security.samsungda.com/securityUpdates.html" } ], "sourceIdentifier": "PSIRT@samsung.com", "vulnStatus": "Analyzed", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-23" } ], "source": "PSIRT@samsung.com", "type": "Secondary" } ] }
Vulnerability from fkie_nvd
Published
2025-07-29 06:15
Modified
2025-08-11 19:10
Severity
6.4 (Medium) - CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:L/I:H/A:H (source: PSIRT@samsung.com, Secondary)
9.1 (Critical) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H (source: nvd@nist.gov, Primary)
9.1 (Critical) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H
Summary
An 'Arbitrary File Creation' in Samsung DMS(Data Management Server) allows attackers to create arbitrary files in unintended locations on the filesystem. Exploitation is restricted to specific, authorized private IP addresses.
References
Source | URL | Tags | |
---|---|---|---|
PSIRT@samsung.com | https://security.samsungda.com/securityUpdates.html | Vendor Advisory |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
samsung | data_management_server_firmware | * | |
samsung | data_management_server_firmware | * | |
samsung | data_management_server_firmware | * | |
samsung | data_management_server | - |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:samsung:data_management_server_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "620C0889-6BB6-477F-BBB3-F23A81F81254", "versionEndExcluding": "2.3.13.1", "versionStartIncluding": "2.0.0", "vulnerable": true }, { "criteria": "cpe:2.3:o:samsung:data_management_server_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "E2362518-8040-4FFD-9567-DC22015DD7EB", "versionEndExcluding": "2.6.14.1", "versionStartIncluding": "2.5.0.17", "vulnerable": true }, { "criteria": "cpe:2.3:o:samsung:data_management_server_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "51C84E33-C218-4A9A-B0F0-3B4DA1E90AA5", "versionEndExcluding": "2.9.3.6", "versionStartIncluding": "2.7.0.15", "vulnerable": true } ], "negate": false, "operator": "OR" }, { "cpeMatch": [ { "criteria": "cpe:2.3:h:samsung:data_management_server:-:*:*:*:*:*:*:*", "matchCriteriaId": "BFF4DB9B-396F-428D-BCDD-F2DE7AF45884", "vulnerable": false } ], "negate": false, "operator": "OR" } ], "operator": "AND" } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "An \u0027Arbitrary File Creation\u0027 in Samsung DMS(Data Management Server) allows attackers to create arbitrary files in unintended locations on the filesystem. Exploitation is restricted to specific, authorized private IP addresses." }, { "lang": "es", "value": "Una \"Creaci\u00f3n de Archivos Arbitrarios\" en Samsung DMS(Data Management Server) permite a los atacantes crear archivos arbitrarios en ubicaciones no deseadas del sistema de archivos. La explotaci\u00f3n est\u00e1 restringida a direcciones IP privadas espec\u00edficas y autorizadas." 
} ], "id": "CVE-2025-53081", "lastModified": "2025-08-11T19:10:11.350", "metrics": { "cvssMetricV31": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "PHYSICAL", "availabilityImpact": "HIGH", "baseScore": 6.4, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:L/I:H/A:H", "version": "3.1" }, "exploitabilityScore": 0.9, "impactScore": 5.5, "source": "PSIRT@samsung.com", "type": "Secondary" }, { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.1, "baseSeverity": "CRITICAL", "confidentialityImpact": "NONE", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H", "version": "3.1" }, "exploitabilityScore": 3.9, "impactScore": 5.2, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2025-07-29T06:15:22.660", "references": [ { "source": "PSIRT@samsung.com", "tags": [ "Vendor Advisory" ], "url": "https://security.samsungda.com/securityUpdates.html" } ], "sourceIdentifier": "PSIRT@samsung.com", "vulnStatus": "Analyzed", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-22" } ], "source": "PSIRT@samsung.com", "type": "Secondary" } ] }
Vulnerability from fkie_nvd
Published
2025-07-29 05:15
Modified
2025-08-11 19:06
Severity
4.9 (Medium) - CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N (source: PSIRT@samsung.com, Secondary)
Summary
Absolute Path Traversal in Samsung DMS(Data Management Server) allows authenticated attacker (Administrator) to read sensitive files
References
Source | URL | Tags | |
---|---|---|---|
PSIRT@samsung.com | https://security.samsungda.com/securityUpdates.html | Vendor Advisory |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
samsung | data_management_server_firmware | * | |
samsung | data_management_server_firmware | * | |
samsung | data_management_server_firmware | * | |
samsung | data_management_server | - |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:samsung:data_management_server_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "620C0889-6BB6-477F-BBB3-F23A81F81254", "versionEndExcluding": "2.3.13.1", "versionStartIncluding": "2.0.0", "vulnerable": true }, { "criteria": "cpe:2.3:o:samsung:data_management_server_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "E2362518-8040-4FFD-9567-DC22015DD7EB", "versionEndExcluding": "2.6.14.1", "versionStartIncluding": "2.5.0.17", "vulnerable": true }, { "criteria": "cpe:2.3:o:samsung:data_management_server_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "51C84E33-C218-4A9A-B0F0-3B4DA1E90AA5", "versionEndExcluding": "2.9.3.6", "versionStartIncluding": "2.7.0.15", "vulnerable": true } ], "negate": false, "operator": "OR" }, { "cpeMatch": [ { "criteria": "cpe:2.3:h:samsung:data_management_server:-:*:*:*:*:*:*:*", "matchCriteriaId": "BFF4DB9B-396F-428D-BCDD-F2DE7AF45884", "vulnerable": false } ], "negate": false, "operator": "OR" } ], "operator": "AND" } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "Absolute Path Traversal in Samsung DMS(Data Management Server) allows authenticated attacker (Administrator) to read sensitive files" }, { "lang": "es", "value": "Path Traversal absoluto en Samsung DMS(Data Management Server) permite que un atacante autenticado (administrador) lea archivos confidenciales" } ], "id": "CVE-2025-53079", "lastModified": "2025-08-11T19:06:08.773", "metrics": { "cvssMetricV31": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 4.9, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "HIGH", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N", "version": "3.1" }, "exploitabilityScore": 1.2, "impactScore": 3.6, "source": "PSIRT@samsung.com", "type": "Secondary" } ] }, "published": 
"2025-07-29T05:15:31.980", "references": [ { "source": "PSIRT@samsung.com", "tags": [ "Vendor Advisory" ], "url": "https://security.samsungda.com/securityUpdates.html" } ], "sourceIdentifier": "PSIRT@samsung.com", "vulnStatus": "Analyzed", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-36" } ], "source": "PSIRT@samsung.com", "type": "Secondary" } ] }
Vulnerability from fkie_nvd
Published
2011-05-09 22:55
Modified
2025-04-11 00:51
Severity
7.5 (High) - CVSS 2.0 AV:N/AC:L/Au:N/C:P/I:P/A:P (source: nvd@nist.gov, Primary)
Summary
SQL injection vulnerability in the authentication form in the integrated web server in the Data Management Server (DMS) before 1.4.3 in Samsung Integrated Management System allows remote attackers to execute arbitrary SQL commands via unspecified vectors.
References
Source | URL | Tags | |
---|---|---|---|
cret@cert.org | http://www.kb.cert.org/vuls/id/236668 | Patch, US Government Resource | |
cret@cert.org | http://www.us-cert.gov/control_systems/pdf/ICSA-11-069-01.pdf | Patch, US Government Resource | |
af854a3a-2127-422b-91ae-364da2661108 | http://www.kb.cert.org/vuls/id/236668 | Patch, US Government Resource | |
af854a3a-2127-422b-91ae-364da2661108 | http://www.us-cert.gov/control_systems/pdf/ICSA-11-069-01.pdf | Patch, US Government Resource |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
samsung | data_management_server | * | |
samsung | data_management_server | 1.3.3 | |
samsung | data_management_server | 1.4.1 |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:samsung:data_management_server:*:*:*:*:*:*:*:*", "matchCriteriaId": "8D57A57A-493B-49B3-ABEC-32224EAF0CB1", "versionEndIncluding": "1.4.2", "vulnerable": true }, { "criteria": "cpe:2.3:a:samsung:data_management_server:1.3.3:*:*:*:*:*:*:*", "matchCriteriaId": "EFA476F0-16A4-4C01-A853-3111CF7903C4", "vulnerable": true }, { "criteria": "cpe:2.3:a:samsung:data_management_server:1.4.1:*:*:*:*:*:*:*", "matchCriteriaId": "E87B10B1-1BC2-4ADF-B8FF-687B02E3180D", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "SQL injection vulnerability in the authentication form in the integrated web server in the Data Management Server (DMS) before 1.4.3 in Samsung Integrated Management System allows remote attackers to execute arbitrary SQL commands via unspecified vectors." }, { "lang": "es", "value": "Vulnerabilidad de inyecci\u00f3n SQL en el formulario de autenticaci\u00f3n en el servidor web integrado en el Data Management Server (DMS) anterior a v1.4.3 en Samsung Integrated Management System permite a atacantes remotos ejecutar comandos SQL de su elecci\u00f3n a trav\u00e9s de vectores desconocidos." 
} ], "id": "CVE-2010-4284", "lastModified": "2025-04-11T00:51:21.963", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 7.5, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0" }, "exploitabilityScore": 10.0, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ] }, "published": "2011-05-09T22:55:01.007", "references": [ { "source": "cret@cert.org", "tags": [ "Patch", "US Government Resource" ], "url": "http://www.kb.cert.org/vuls/id/236668" }, { "source": "cret@cert.org", "tags": [ "Patch", "US Government Resource" ], "url": "http://www.us-cert.gov/control_systems/pdf/ICSA-11-069-01.pdf" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch", "US Government Resource" ], "url": "http://www.kb.cert.org/vuls/id/236668" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch", "US Government Resource" ], "url": "http://www.us-cert.gov/control_systems/pdf/ICSA-11-069-01.pdf" } ], "sourceIdentifier": "cret@cert.org", "vulnStatus": "Deferred", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-89" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2025-07-29 05:15
Modified
2025-08-11 19:05
Severity
6.5 (Medium) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L (source: PSIRT@samsung.com, Secondary)
Summary
An execution after redirect in Samsung DMS(Data Management Server) allows attackers to execute limited functions without permissions. An attacker could compromise the integrity of the platform by executing this vulnerability.
References
Source | URL | Tags | |
---|---|---|---|
PSIRT@samsung.com | https://security.samsungda.com/securityUpdates.html | Vendor Advisory |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
samsung | data_management_server_firmware | * | |
samsung | data_management_server_firmware | * | |
samsung | data_management_server_firmware | * | |
samsung | data_management_server | - |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:samsung:data_management_server_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "620C0889-6BB6-477F-BBB3-F23A81F81254", "versionEndExcluding": "2.3.13.1", "versionStartIncluding": "2.0.0", "vulnerable": true }, { "criteria": "cpe:2.3:o:samsung:data_management_server_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "E2362518-8040-4FFD-9567-DC22015DD7EB", "versionEndExcluding": "2.6.14.1", "versionStartIncluding": "2.5.0.17", "vulnerable": true }, { "criteria": "cpe:2.3:o:samsung:data_management_server_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "51C84E33-C218-4A9A-B0F0-3B4DA1E90AA5", "versionEndExcluding": "2.9.3.6", "versionStartIncluding": "2.7.0.15", "vulnerable": true } ], "negate": false, "operator": "OR" }, { "cpeMatch": [ { "criteria": "cpe:2.3:h:samsung:data_management_server:-:*:*:*:*:*:*:*", "matchCriteriaId": "BFF4DB9B-396F-428D-BCDD-F2DE7AF45884", "vulnerable": false } ], "negate": false, "operator": "OR" } ], "operator": "AND" } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "An execution after redirect in Samsung DMS(Data Management Server) allows attackers to execute limited functions without permissions. An attacker could compromise the integrity of the platform by executing this vulnerability." }, { "lang": "es", "value": "Una ejecuci\u00f3n posterior a una redirecci\u00f3n en Samsung DMS(Data Management Server) permite a los atacantes ejecutar funciones limitadas sin permisos. Un atacante podr\u00eda comprometer la integridad de la plataforma al ejecutar esta vulnerabilidad." 
} ], "id": "CVE-2025-53077", "lastModified": "2025-08-11T19:05:41.957", "metrics": { "cvssMetricV31": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "LOW", "baseScore": 6.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L", "version": "3.1" }, "exploitabilityScore": 3.9, "impactScore": 2.5, "source": "PSIRT@samsung.com", "type": "Secondary" } ] }, "published": "2025-07-29T05:15:31.640", "references": [ { "source": "PSIRT@samsung.com", "tags": [ "Vendor Advisory" ], "url": "https://security.samsungda.com/securityUpdates.html" } ], "sourceIdentifier": "PSIRT@samsung.com", "vulnStatus": "Analyzed", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-698" } ], "source": "PSIRT@samsung.com", "type": "Secondary" } ] }
Vulnerability from fkie_nvd
Published
2025-07-29 05:15
Modified
2025-08-11 19:07
Severity
7.1 (High) - CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:H/A:H (source: PSIRT@samsung.com, Secondary)
6.5 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N (source: nvd@nist.gov, Primary)
6.5 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N
Summary
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') in Samsung DMS(Data Management Server) allows authenticated attackers to create arbitrary files in unintended locations on the filesystem
References
Source | URL | Tags | |
---|---|---|---|
PSIRT@samsung.com | https://security.samsungda.com/securityUpdates.html | Vendor Advisory |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
samsung | data_management_server_firmware | * | |
samsung | data_management_server_firmware | * | |
samsung | data_management_server_firmware | * | |
samsung | data_management_server | - |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:samsung:data_management_server_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "620C0889-6BB6-477F-BBB3-F23A81F81254", "versionEndExcluding": "2.3.13.1", "versionStartIncluding": "2.0.0", "vulnerable": true }, { "criteria": "cpe:2.3:o:samsung:data_management_server_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "E2362518-8040-4FFD-9567-DC22015DD7EB", "versionEndExcluding": "2.6.14.1", "versionStartIncluding": "2.5.0.17", "vulnerable": true }, { "criteria": "cpe:2.3:o:samsung:data_management_server_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "51C84E33-C218-4A9A-B0F0-3B4DA1E90AA5", "versionEndExcluding": "2.9.3.6", "versionStartIncluding": "2.7.0.15", "vulnerable": true } ], "negate": false, "operator": "OR" }, { "cpeMatch": [ { "criteria": "cpe:2.3:h:samsung:data_management_server:-:*:*:*:*:*:*:*", "matchCriteriaId": "BFF4DB9B-396F-428D-BCDD-F2DE7AF45884", "vulnerable": false } ], "negate": false, "operator": "OR" } ], "operator": "AND" } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "Improper Limitation of a Pathname to a Restricted Directory (\u0027Path Traversal\u0027) in Samsung DMS(Data Management Server) allows authenticated attackers to create arbitrary files in unintended locations on the filesystem" }, { "lang": "es", "value": "La limitaci\u00f3n incorrecta de una ruta a un directorio restringido (\u0027Path Traversal\u0027) en Samsung DMS(Data Management Server) permite a los atacantes autenticados crear archivos arbitrarios en ubicaciones no deseadas en el sistema de archivos." 
} ], "id": "CVE-2025-53080", "lastModified": "2025-08-11T19:07:11.447", "metrics": { "cvssMetricV31": [ { "cvssData": { "attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.1, "baseSeverity": "HIGH", "confidentialityImpact": "LOW", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:H/A:H", "version": "3.1" }, "exploitabilityScore": 1.6, "impactScore": 5.5, "source": "PSIRT@samsung.com", "type": "Secondary" }, { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 6.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N", "version": "3.1" }, "exploitabilityScore": 2.8, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2025-07-29T05:15:32.150", "references": [ { "source": "PSIRT@samsung.com", "tags": [ "Vendor Advisory" ], "url": "https://security.samsungda.com/securityUpdates.html" } ], "sourceIdentifier": "PSIRT@samsung.com", "vulnStatus": "Analyzed", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-22" } ], "source": "PSIRT@samsung.com", "type": "Secondary" } ] }