* Heise article in German
Samsung Magician: Security vulnerability allows privilege escalation
https://www.heise.de/en/news/Samsung-Magician-Security-vulnerability-allows-privilege-escalation-11130421.html
# Part of the content was translated from Gemini 3.0 Flash and modified.
Samsung provides 'Samsung Magician' software for setting up and adjusting its SSDs. However, a security vulnerability has been found in this software that allows attackers to escalate privileges within the system. The updated software has resolved this issue.
According to the description, the installation program creates a temporary folder with weak access permission-related security during installation. Windows general users (Non-admins) can exploit this for DLL hijacking attacks to elevate system privileges.
(CVE-2025-57836, CVSS 7.8, High risk)
https://semiconductor.samsung.com/support/quality-support/product-security-updates/cve-2025-57836/
This vulnerability existed in the Windows Magician software from version 6.3.0 to 8.3.2.
It has been fixed in Samsung Magician version 9.0.0, which is available for download on the Samsung website and is also available for macOS and Android. However, the release notes posted by Samsung only mention improvements to the user interface.
https://semiconductor.samsung.com/kr/consumer-storage/support/tools/
[The rest of the content is omitted]
* This post was written by the CVE X (Twitter) account.
https://x.com/CVEnew/status/2008220678525272297