Samsung has published a security advisory after a high-severity vulnerability was discovered in its Magician SSD utility software on Windows. CVE‑2025‑57836 explains that this vulnerability is the result of the software installer creating “a temporary folder with weak permissions during installation, allowing a non-admin user to perform DLL hijacking and escalate privileges.” The newest Samsung Magician software version 9.0.0 fixes this issue and comes with a complete UI/UX overhaul.
This vulnerability was reported to Samsung on August 11, last year, by cybersecurity professional Sandro Poppi. Affected versions of the Samsung Magician software include those from 6.3.0 to 8.3.2. That’s releases spanning 2021 almost to the present day. Samsung shared details of this ‘high severity’ vulnerability on Sunday, January 4, 2026.
CVE‑2025‑57836 implications
If you are using a version of Samsung Magician software older than the latest version 9.0.0 on Windows, you should upgrade. Samsung has implemented a major UI and UX update, which looks pretty cool and useful from the download page screenshots and details.
Earlier vulnerable versions should also be replaced as they suffer from the CVE‑2025‑57836 vulnerabilities. Specifically, an attacker with access to your computer as a normal user could use this vulnerability to become an administrator, the next time you run the Magician software.
They would do their dastardly deeds by replacing files in the Magician folder affected by weak access rights. Even a non-admin can replace files there, or add in malicious DLLs, that would be accessed by Magician upon its next run. Using this vector, it would be possible for the attacker to create new admin accounts, modify system files, the sky’s the limit…
Having warned of the above, this vulnerability might not particularly worry you if your computer is always kept in a secure location, and the only account is the password-protected admin one that you use.
Why use Samsung Magician software?
Samsung Magician is a very popular tool for owners of what are some of the best SSDs, as well as storage solutions like portable SSDs, USB flash drives, and even memory cards. Many users who buy a Samsung drive will be tempted to grab this free software for its very useful functionality, such as:
- Data, apps, and OS migration from old to new storage
- Securing data with encryption or secure erasure
- Performance optimization
- Drive health diagnostics and monitoring
- Drive firmware updates
- Drive authentication
As Samsung sells its storage devices into diverse consumer markets, it makes its Magician software available for platforms like Windows, macOS, and Android. CVE‑2025‑57836 affects only the Windows version of the software.
Follow Tom’s Hardware on Google News, or add us as a preferred source, to get our latest news, analysis, & reviews in your feeds.
