Samsung Magician: Security vulnerability allows privilege escalation
In the SSD management software Samsung Magician, attackers can exploit a vulnerability to escalate their privileges.
Samsung provides software for managing and tweaking settings of its Solid State Drives (SSDs) called “Samsung Magician.” However, it contains a security vulnerability that attackers can use to escalate their privileges within the system. Updated software closes the security gap.
In the vulnerability description, Samsung's developers explain that the installer creates a temporary folder with “weak access rights” during installation. Non-administrative Windows users can exploit this for a DLL hijacking attack and thus escalate their privileges on the system (CVE-2025-57836, CVSS 7.8, risk “high”). The vulnerability affects Samsung Magician for Windows in versions from 6.3.0 up to and including 8.3.2.
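As an added defensive check that is not part of the article or of Samsung's software: this PowerShell function flags ACL entries that give low-privilege groups the right to create or replace files in a directory, which is the “weak access rights” condition that makes a temporary folder usable for DLL hijacking. The folder path is a placeholder, since the article does not name the installer's temporary directory.

```powershell
# Added example (not from the article or from Samsung): audit a directory's ACL for
# rights that let any low-privilege user create or replace files in it.
function Test-WeakDirectoryAcl {
    param([Parameter(Mandatory = $true)][string]$Path)

    # Groups that every interactive, non-admin user belongs to.
    $lowPrivPrincipals = @(
        'Everyone',
        'BUILTIN\Users',
        'NT AUTHORITY\Authenticated Users',
        'NT AUTHORITY\INTERACTIVE'
    )

    # Rights that allow planting or swapping a file. Write, Modify and FullControl
    # all include WriteData/AppendData, so these bits catch them as well.
    $plantBits = [int]([System.Security.AccessControl.FileSystemRights]::WriteData -bor
                       [System.Security.AccessControl.FileSystemRights]::AppendData -bor
                       [System.Security.AccessControl.FileSystemRights]::DeleteSubdirectoriesAndFiles)
    # Generic rights can appear un-mapped in an ACE: GENERIC_ALL and GENERIC_WRITE.
    $genericBits = 0x10000000 -bor 0x40000000

    $acl = Get-Acl -LiteralPath $Path
    foreach ($ace in $acl.Access) {
        if ($ace.AccessControlType -ne 'Allow') { continue }
        if ($lowPrivPrincipals -notcontains $ace.IdentityReference.Value) { continue }
        $raw = [int]$ace.FileSystemRights
        if ((($raw -band $plantBits) -ne 0) -or (($raw -band $genericBits) -ne 0)) {
            [pscustomobject]@{
                Path      = $Path
                Principal = $ace.IdentityReference.Value
                Rights    = $ace.FileSystemRights
                Inherited = $ace.IsInherited
            }
        }
    }
}

# Placeholder path: the article does not name the installer's temporary folder.
$findings = Test-WeakDirectoryAcl -Path 'C:\PLACEHOLDER\InstallerTemp'
if ($findings) {
    Write-Warning 'Low-privilege users can write here; a DLL loaded from this folder could be replaced.'
    $findings | Format-Table -AutoSize
} else {
    'No low-privilege write access found.'
}
```

Run it from an elevated shell against the directory an installer unpacks into while it is running; any row returned means a standard user could drop a DLL that the installer would load with its own privileges.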
Updated version corrects the problem
Version 9.0.0 of Samsung Magician, which is now available, no longer contains the flaw. It is available for download on the Samsung website – not only for Windows, but also for macOS and Android. However, in the release notes, Samsung only mentions improvements to the user interface.
Samsung Magician can search for updates itself and download and install them if available.
The SSD management software can also search for updates itself and install them. This should be the easiest way for existing users of the software to apply the update.
Most recently, a high-risk security vulnerability became known in February 2024. There, attackers could escalate their privileges in the Windows version of Samsung Magician due to insufficient privilege checking when using a named pipe.
Samsung Magician is likely installed on the systems of many Samsung SSD owners, as the manufacturer also uses it to distribute SSD firmware updates. For example, a firmware update was necessary for Samsung's SSD 990 Pro to rein in excessive wear.
(dmk)