Samsung Magician SSD software ‘High Severity’ vulnerability patched — upgrade to the newest v9.0.0 to prevent potential DLL hijacking and privilege escalation

Samsung Magician software
(Image credit: Samsung)

Samsung has published a security advisory after a high-severity vulnerability was discovered in its Magician SSD utility software on Windows. The CVE-2025-57836 entry describes the flaw as the result of the software installer creating “a temporary folder with weak permissions during installation, allowing a non-admin user to perform DLL hijacking and escalate privileges.” The newest Samsung Magician release, version 9.0.0, fixes the issue and also brings a complete UI/UX overhaul.


This vulnerability was reported to Samsung on August 11 last year by cybersecurity professional Sandro Poppi. Affected versions of the Samsung Magician software are 6.3.0 through 8.3.2, a span of releases from 2021 almost to the present day. Samsung shared details of this ‘high severity’ vulnerability on Sunday, January 4, 2026.

CVE‑2025‑57836 implications

If you are running a version of Samsung Magician older than the latest 9.0.0 on Windows, you should upgrade. Beyond the security fix, Samsung has implemented a major UI and UX update, which looks pretty cool and useful judging by the screenshots and details on the download page.

Earlier versions should also be replaced because they carry the CVE-2025-57836 vulnerability. Specifically, an attacker with access to your computer as a normal (non-admin) user could use it to become an administrator the next time you run the Magician software.

They would do their dastardly deeds by replacing files in the Magician folder affected by the weak access rights. Even a non-admin user can replace files there or drop in malicious DLLs, which Magician would load on its next run. From that foothold the attacker could create new admin accounts, modify system files, and so on; the sky’s the limit…
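As an added example (not Samsung's code and not taken from the advisory), the following PowerShell audits a folder's ACL for exactly the condition described above, a broad principal such as BUILTIN\Users being allowed to create or replace files, and reads the installed Magician version from the standard Windows uninstall registry keys to compare it against the affected range. The article does not name the temporary folder, so the path in the usage line is a placeholder; the principal list and rights mask are the author's assumptions about what "weak permissions" means in practice.

```powershell
# Added example, not Samsung's code. The article does not name the weak-permission
# folder, so the path passed to Test-WeakFolderAcl below is a placeholder.

# Principals every non-admin user on the machine is a member of (assumed list).
$BroadPrincipals = @('Everyone', 'BUILTIN\Users',
                     'NT AUTHORITY\Authenticated Users', 'NT AUTHORITY\INTERACTIVE')
# Rights that let such a user drop, replace or retarget a file in the folder.
$PlantMask = [System.Security.AccessControl.FileSystemRights]'CreateFiles, AppendData, Delete, DeleteSubdirectoriesAndFiles, ChangePermissions, TakeOwnership'

function Test-WeakFolderAcl {
    # Emits one object per Allow ACE that lets a broad principal write into $Path.
    # No output means the folder is not exposed to the DLL-planting scenario.
    param([Parameter(Mandatory)][string]$Path)
    $acl = Get-Acl -LiteralPath $Path
    foreach ($ace in $acl.Access) {
        if ($ace.AccessControlType -ne 'Allow') { continue }
        if ($BroadPrincipals -notcontains $ace.IdentityReference.Value) { continue }
        if (($ace.FileSystemRights -band $PlantMask) -eq 0) { continue }
        [pscustomobject]@{
            Path      = $Path
            Principal = $ace.IdentityReference.Value
            Rights    = $ace.FileSystemRights
            Inherited = $ace.IsInherited   # inherited ACEs come from the parent, e.g. a shared temp dir
        }
    }
}

function Get-MagicianInstall {
    # Reads the installed Magician version from the standard uninstall keys and
    # flags it against the range the article gives (6.3.0 to 8.3.2, fixed in 9.0.0).
    $keys = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\*',
            'HKLM:\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\*'
    Get-ItemProperty -Path $keys -ErrorAction SilentlyContinue |
        Where-Object { $_.DisplayName -like 'Samsung Magician*' } |
        ForEach-Object {
            $v = $null
            $parsed = [version]::TryParse([string]$_.DisplayVersion, [ref]$v)
            [pscustomobject]@{
                Name            = $_.DisplayName
                Version         = $_.DisplayVersion
                InAffectedRange = $parsed -and $v -ge [version]'6.3.0' -and $v -le [version]'8.3.2'
                NeedsUpgrade    = $parsed -and $v -lt [version]'9.0.0'
            }
        }
}

# Usage: replace the placeholder with the folder you want to audit.
Test-WeakFolderAcl -Path 'C:\PLACEHOLDER\installer-temp-folder' | Format-Table -AutoSize
Get-MagicianInstall | Format-Table -AutoSize
```

Any row returned by Test-WeakFolderAcl is a folder where a standard user can plant a file that a later privileged run may pick up; an empty result for a folder the installer uses is what the 9.0.0 fix should produce.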

Having warned of the above, this vulnerability might not particularly worry you if your computer is always kept in a secure location and the only account on it is the password-protected admin one that you use.


Why use Samsung Magician software?

Samsung Magician is a very popular tool for owners of some of the best SSDs, as well as other storage products like portable SSDs, USB flash drives, and even memory cards. Many users who buy a Samsung drive will be tempted to grab this free software for its very useful functionality, such as:

  • Data, apps, and OS migration from old to new storage
  • Securing data with encryption or secure erasure
  • Performance optimization
  • Drive health diagnostics and monitoring
  • Drive firmware updates
  • Drive authentication

As Samsung sells its storage devices into diverse consumer markets, it makes its Magician software available for platforms like Windows, macOS, and Android. CVE‑2025‑57836 affects only the Windows version of the software.


Mark Tyson
News Editor

Mark Tyson is a news editor at Tom's Hardware. He enjoys covering the full breadth of PC tech; from business and semiconductor design to products approaching the edge of reason.

  • Zaranthos
    Mostly only ever use the software to install firmware updates on Samsung SSDs, then I uninstall it. Probably wouldn't ever let stuff like this run on a corporate network either since it's pretty useless to the average user and just consumes resources running in the background.
  • Gururu
    I got 9 a few months ago and I found the interface to be much nicer. No problems with the software and I use it mainly to monitor drive health.
  • Aurn
    Unfortunately, version 9.0.0 does not work for me. Causes BSOD "Multiple IRP Complete Requests" at the end of installation. This happens on two PCs with completely different hardware, on Windows 11 and Windows 10. Version 8.3.2 does the same, so I had to stay on 8.2.0 (have not tried 8.3.0 and 8.3.1).
  • BFG-9000
    They should've never changed it to be a bloated Electron app. That launches a bundled version of Chromium just to render it, which goes outdated much more quickly than they update the app.

    The problem is browsers are updated all of the time for security threats, so everybody knows to reverse-engineer those updates to find vulnerabilities affecting only older versions of browsers. And Samsung has you use an embedded older browser because they don't update it often.

    I see the release notes for 9.0.0 only list as changed:
    Enhanced User Convenience
    Improved the UI/UX to enhance user convenience. Users can easily use various features with a more intuitive and streamlined screen.

    And now they have removed all previous versions for download, including the pre-Electron versions that wouldn't have this security issue.
  • AloofBrit
    BFG-9000 said:
    And now they have removed all previous versions for download, including the pre-Electron versions that wouldn't have this security issue
    TPU has installers going back to 2018 (hit Show older versions on the left)

    https://www.techpowerup.com/download/samsung-magician-ssd-management-utility/