CVE-2025-20907 — Infinite Loop in Samsung Android
Severity
4.4MEDIUMNVD
CNA6.0
EPSS
0.1%
top 80.62%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
Timeline
PublishedFeb 4
Description
Improper privilege management in Samsung Find prior to SMR Feb-2025 Release 1 allows local privileged attackers to disable Samsung Find.
CVSS vector
CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:HExploitability: 0.8 | Impact: 3.6
Affected Packages1 packages
🔴Vulnerability Details
2CVEListâ–¶
CVE-2025-20907: Improper privilege management in Samsung Find prior to SMR Feb-2025 Release 1 allows local privileged attackers to disable Samsung Find↗2025-02-04
GHSAâ–¶
GHSA-26g3-897h-f2rc: Improper privilege management in Samsung Find prior to SMR Feb-2025 Release 1 allows local privileged attackers to disable Samsung Find↗2025-02-04
📋Vendor Advisories
1Microsoftâ–¶
In Lib/tarfile.py in Python through 3.8.3 an attacker is able to craft a TAR archive leading to an infinite loop when opened by tarfile.open because _proc_pax lacks header validation.↗2020-07-14