CVE-2025-20967

3 documents3 sources
Severity
9.1CRITICAL
EPSS
0.2%
top 55.60%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
1
Samsung Gallery
Timeline
PublishedMay 7

Description

Improper access control in Samsung Gallery prior to version 14.5.10.3 in Global Android 13, 14.5.09.3 in China Android 13, and 15.5.04.5 in Android 14 allows attackers to read and write arbitrary file with the privilege of Samsung Gallery.

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:NExploitability: 2.5 | Impact: 2.5

Affected Packages1 packages

NVDsamsung/gallery< 14.5.10.3+2

🔴Vulnerability Details

2
CVEList
CVE-2025-20967: Improper access control in Samsung Gallery prior to version 142025-05-07
GHSA
GHSA-j33m-6826-95m2: Improper access control in Samsung Gallery prior to version 142025-05-07
CVE-2025-20967 (CRITICAL CVSS 9.1) | Improper access control in Samsung | cvebase.io