CVE-2025-32407

CWE-295Improper Certificate Validation3 documents3 sources
Severity
5.9MEDIUM
EPSS
0.0%
top 89.04%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
1
Samsung Internet
Timeline
PublishedMay 16

Description

Samsung Internet for Galaxy Watch version 5.0.9, available up until Samsung Galaxy Watch 3, does not properly validate TLS certificates, allowing for an attacker to impersonate any and all websites visited by the user. This is a critical misconfiguration in the way the browser validates the identity of the server. It negates the use of HTTPS as a secure channel, allowing for Man-in-the-Middle attacks, stealing sensitive information or modifying incoming and outgoing traffic. NOTE: This vulnerabi

CVSS vector

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:NExploitability: 2.2 | Impact: 3.6

Affected Packages1 packages

NVDsamsung/internet5.0.9

🔴Vulnerability Details

2
GHSA
GHSA-2hgg-g6cr-365f: Samsung Internet for Galaxy Watch version 52025-05-16
CVEList
CVE-2025-32407: Samsung Internet for Galaxy Watch version 52025-05-16