CVE-2025-53078 - Vulnerability Details - OpenCVE

Deserialization of Untrusted Data in Samsung DMS(Data Management Server) allows attackers to execute arbitrary code via write file to system

No CVSS v4.0

Attack Vector Network

Attack Complexity High

Privileges Required High

Scope Changed

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction None

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

Exploitation none

Automatable no

Technical Impact total

Vendors	Products
Samsung	Data Management Server

No data.

No data.

References

Link	Providers
https://security.samsungda.com/securityUpdates.html

History

Wed, 30 Jul 2025 06:30:00 +0000

Type	Values Removed	Values Added
First Time appeared		Samsung Samsung data Management Server
Vendors & Products		Samsung Samsung data Management Server

Tue, 29 Jul 2025 15:15:00 +0000

Type	Values Removed	Values Added
Metrics		ssvc `{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'total'}, 'version': '2.0.3'}`

Tue, 29 Jul 2025 05:15:00 +0000

Type	Values Removed	Values Added
Description		Deserialization of Untrusted Data in Samsung DMS(Data Management Server) allows attackers to execute arbitrary code via write file to system
Weaknesses		CWE-502
References		https://security.samsungda.com/securityUpdates.html
Metrics		cvssV3_1 `{'score': 8, 'vector': 'CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H'}`

MITRE

Status: PUBLISHED

Assigner: samsung.tv_appliance

Published: 2025-07-29T05:04:18.477Z

Updated: 2025-07-29T15:02:48.207Z

Reserved: 2025-06-24T23:17:22.556Z

Link: CVE-2025-53078

Vulnrichment

Updated: 2025-07-29T15:01:15.646Z

NVD

Status : Awaiting Analysis

Published: 2025-07-29T05:15:31.817

Modified: 2025-07-29T14:14:29.590

Link: CVE-2025-53078

Redhat

No data.

{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2025-53078", "assignerOrgId": "ca193ba2-0cff-4e34-b04e-1ea07103c6fe", "state": "PUBLISHED", "assignerShortName": "samsung.tv_appliance", "dateReserved": "2025-06-24T23:17:22.556Z", "datePublished": "2025-07-29T05:04:18.477Z", "dateUpdated": "2025-07-29T15:02:48.207Z"}, "containers": {"cna": {"affected": [{"defaultStatus": "unaffected", "product": "Data Management Server", "vendor": "Samsung Electronics", "versions": [{"lessThan": "2.3.13.1", "status": "affected", "version": "2.0.0", "versionType": "custom"}, {"lessThan": "2.6.14.1", "status": "affected", "version": "2.5.0.17", "versionType": "custom"}, {"lessThan": "2.9.3.6", "status": "affected", "version": "2.7.0.15", "versionType": "custom"}]}], "credits": [{"lang": "en", "type": "finder", "value": "Noam Moshe of Claroty Team82"}], "datePublic": "2025-07-29T03:00:00.000Z", "descriptions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "Deserialization of Untrusted Data in Samsung DMS(Data Management Server) allows attackers to execute arbitrary code via write file to system"}], "value": "Deserialization of Untrusted Data in Samsung DMS(Data Management Server) allows attackers to execute arbitrary code via write file to system"}], "metrics": [{"cvssV3_1": {"attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "HIGH", "scope": "CHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H", "version": "3.1"}, "format": "CVSS", "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "problemTypes": [{"descriptions": [{"cweId": "CWE-502", "description": "CWE-502 Deserialization of Untrusted Data", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"orgId": "ca193ba2-0cff-4e34-b04e-1ea07103c6fe", "shortName": "samsung.tv_appliance", "dateUpdated": "2025-07-29T05:04:18.477Z"}, "references": [{"url": "https://security.samsungda.com/securityUpdates.html"}], "source": {"discovery": "UNKNOWN"}, "x_generator": {"engine": "Vulnogram 0.2.0"}}, "adp": [{"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2025-07-29T15:01:11.042631Z", "id": "CVE-2025-53078", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "total"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-07-29T15:02:48.207Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2025-53078", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "total"}], "version": "2.0.3", "timestamp": "2025-07-29T15:01:11.042631Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-07-29T15:01:15.646Z"}}], "cna": {"source": {"discovery": "UNKNOWN"}, "credits": [{"lang": "en", "type": "finder", "value": "Noam Moshe of Claroty Team82"}], "metrics": [{"format": "CVSS", "cvssV3_1": {"scope": "CHANGED", "version": "3.1", "baseScore": 8, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "HIGH", "availabilityImpact": "HIGH", "privilegesRequired": "HIGH", "confidentialityImpact": "HIGH"}, "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "affected": [{"vendor": "Samsung Electronics", "product": "Data Management Server", "versions": [{"status": "affected", "version": "2.0.0", "lessThan": "2.3.13.1", "versionType": "custom"}, {"status": "affected", "version": "2.5.0.17", "lessThan": "2.6.14.1", "versionType": "custom"}, {"status": "affected", "version": "2.7.0.15", "lessThan": "2.9.3.6", "versionType": "custom"}], "defaultStatus": "unaffected"}], "datePublic": "2025-07-29T03:00:00.000Z", "references": [{"url": "https://security.samsungda.com/securityUpdates.html"}], "x_generator": {"engine": "Vulnogram 0.2.0"}, "descriptions": [{"lang": "en", "value": "Deserialization of Untrusted Data in Samsung DMS(Data Management Server) allows attackers to execute arbitrary code via write file to system", "supportingMedia": [{"type": "text/html", "value": "Deserialization of Untrusted Data in Samsung DMS(Data Management Server) allows attackers to execute arbitrary code via write file to system", "base64": false}]}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-502", "description": "CWE-502 Deserialization of Untrusted Data"}]}], "providerMetadata": {"orgId": "ca193ba2-0cff-4e34-b04e-1ea07103c6fe", "shortName": "samsung.tv_appliance", "dateUpdated": "2025-07-29T05:04:18.477Z"}}}, "cveMetadata": {"cveId": "CVE-2025-53078", "state": "PUBLISHED", "dateUpdated": "2025-07-29T15:02:48.207Z", "dateReserved": "2025-06-24T23:17:22.556Z", "assignerOrgId": "ca193ba2-0cff-4e34-b04e-1ea07103c6fe", "datePublished": "2025-07-29T05:04:18.477Z", "assignerShortName": "samsung.tv_appliance"}, "dataVersion": "5.1"}