CVE-2025-53082 is a Samsung HVAC DMS vulnerability disclosed by CISA on 2025-07-29. The issue is described as an arbitrary file deletion flaw that can let an attacker delete files from unintended locations on the filesystem. CISA lists affected Samsung HVAC DMS ranges as >=2.0.0 and <2.3.13.0, >=2.5.0.17 and <2.6.14.0, and >=2.7.0.15 and <2.9.3.5. Exploitation is restricted to specific, authorized private [truncated]
CVE-2025-53081 covers an arbitrary file creation issue in Samsung HVAC DMS (Data Management Server). According to the CISA advisory, the flaw can let an attacker create files in unintended filesystem locations, with exploitation limited to specific authorized private IP addresses. Samsung and CISA advise affected users to obtain the vendor update and, where possible, keep the product off the Internet in a [truncated]
CVE-2025-53079 is an absolute path traversal issue in Samsung HVAC DMS (Data Management Server) disclosed by CISA on 2025-07-29. The advisory says an authenticated attacker with Administrator access can read sensitive files on affected systems. Samsung’s guidance is to obtain a software update through a Samsung call center or installer and keep the product on a separate dedicated network rather than conne [truncated]
CVE-2025-53078 is a Samsung HVAC DMS issue disclosed in CISA advisory ICSA-25-210-02 on 2025-07-29. The advisory states that deserialization of untrusted data in Samsung DMS (Data Management Server) can allow attackers to execute arbitrary code via write-file-to-system behavior. CISA’s advisory lists three affected version ranges and recommends updating through Samsung support and keeping the product on a [truncated]
