CVE-2025-20969

CWE-78 โ€” OS Command Injection5 documents5 sources
Severity
5.5MEDIUM
EPSS
0.1%
top 77.87%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
1
Samsung Gallery
Timeline
PublishedMay 7
Latest updateDec 3

Description

Improper input validation in Samsung Gallery prior to version 14.5.10.3 in Global Android 13, 14.5.09.3 in China Android 13, and 15.5.04.5 in Android 14 allows local attackers to access data within Samsung Gallery.

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:NExploitability: 1.8 | Impact: 3.6

Affected Packages1 packages

โ–ถNVDsamsung/gallery< 14.5.10.3+2

๐Ÿ”ดVulnerability Details

2
CVEList
CVE-2025-20969: Improper input validation in Samsung Gallery prior to version 14โ†—2025-05-07
โ–ถ
GHSA
GHSA-g2w4-f56h-2wj6: Improper input validation in Samsung Gallery prior to version 14โ†—2025-05-07
โ–ถ

๐Ÿ’ฅExploits & PoCs

1
Exploit-DB
PluckCMS 4.7.10 - Unrestricted File Uploadโ†—2025-12-03
โ–ถ

๐Ÿ“‹Vendor Advisories

1
Microsoft
do_ed_script in pch.c in GNU patch through 2.7.6 does not block strings beginning with a ! character. NOTE: this is the same commit as for CVE-2019-13638 but the ! syntax is specific to ed and is unreโ†—2019-08-13
โ–ถ
CVE-2025-20969 (MEDIUM CVSS 5.5) | Improper input validation in Samsun | cvebase.io