CVE-2025-20994
3 documents3 sources
Severity
7.1HIGH
EPSS
0.0%
top 84.93%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
Timeline
PublishedJun 4
Description
Improper handling of insufficient permission in SyncClientProvider in Samsung Internet installed on non-Samsung Device prior to version 28.0.0.59 allows local attackers to access read and write arbitrary files.
CVSS vector
CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:LExploitability: 1.0 | Impact: 3.4
Affected Packages1 packages
🔴Vulnerability Details
2GHSA▶
GHSA-6w89-5w4v-7vf6: Improper handling of insufficient permission in SyncClientProvider in Samsung Internet installed on non-Samsung Device prior to version 28↗2025-06-04
CVEList▶
CVE-2025-20994: Improper handling of insufficient permission in SyncClientProvider in Samsung Internet installed on non-Samsung Device prior to version 28↗2025-06-04