CISA KEV adds Samsung MagicINFO and SimpleHelp — quiet flaws in noisy estates
Four CVEs joined the Known Exploited list. None are flashy. All sit in software that lives quietly inside large enterprise estates and almost never gets patched.
CISA added four vulnerabilities to its Known Exploited Vulnerabilities catalogue on 24 April. None of them are household names. All four sit in software that lives quietly inside large enterprise estates and is rarely on anyone’s patch dashboard.
The Samsung MagicINFO 9 Server flaw (CVE-2024-7399) is a path-traversal vulnerability in the management software for Samsung digital-signage screens. If you’ve never thought about Samsung MagicINFO, that’s the point — it sits in retail back-offices, branch-bank lobbies, hospital concourses, transport hubs, and corporate visitor screens. Almost no one inventories it. The SimpleHelp pair (CVE-2024-57726 and CVE-2024-57728) cover a missing-authorization bug and a path-traversal flaw in SimpleHelp remote-support software, which smaller managed service providers and internal IT teams use to reach customer estates. That makes SimpleHelp a supply-chain hop: compromise the MSP, reach every downstream customer over the same support channel they were already trusting. The fourth, CVE-2025-29635, is a command-injection bug in the D-Link DIR-823X — a small-office and remote-worker router class that lives outside most corporate patch programmes by design.
The thread connecting all four is that they’re flaws in the kind of software organisations forget they have. MagicINFO is not on the CISO’s risk register. SimpleHelp probably isn’t owned by IT, it’s owned by the MSP. The D-Link is sitting under the desk at a branch office that the network team hasn’t updated since the day it was installed.
KEV is the cheapest threat-intelligence feed on the planet. No subscription, no analyst, no portal — just the United States’ lead cyber-defence agency telling you that a specific vulnerability is being exploited in the wild right now. Run it against your asset inventory weekly, not monthly. If a CVE on the list matches anything you own, it is by definition a priority; the rest of the patch backlog can move down a row. Whatever else you ignore in your vulnerability programme, do not ignore this list.