CVE-2025-20966

3 documents3 sources
Severity
4.6MEDIUM
EPSS
0.1%
top 69.16%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
1
Samsung Gallery
Timeline
PublishedMay 7

Description

Improper access control in Samsung Gallery prior to version 14.5.10.3 in Global Android 13, 14.5.09.3 in China Android 13, and 15.5.04.5 in Android 14 allows physical attackers to access data across multiple user profiles.

CVSS vector

CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:NExploitability: 0.9 | Impact: 3.6

Affected Packages1 packages

NVDsamsung/gallery< 14.5.10.3+2

🔴Vulnerability Details

2
CVEList
CVE-2025-20966: Improper access control in Samsung Gallery prior to version 142025-05-07
GHSA
GHSA-f3f4-3g45-5gh4: Improper access control in Samsung Gallery prior to version 142025-05-07
CVE-2025-20966 (MEDIUM CVSS 4.6) | Improper access control in Samsung | cvebase.io