Samsung Flow vulnerabilities

CVE-2025-20972 [MEDIUM] CVE-2025-20972: Improper verification of intent by broadcast receiver in Samsung Flow prior to version 4.9.17.6 allo Improper verification of intent by broadcast receiver in Samsung Flow prior to version 4.9.17.6 allows local attackers to modify Samsung Flow configuration.

CVE-2025-20971 [MEDIUM] CVE-2025-20971: Improper input validation in Samsung Flow prior to version 4.9.17.6 allows local attackers to access Improper input validation in Samsung Flow prior to version 4.9.17.6 allows local attackers to access data within Samsung Flow.

CVE-2024-49407 [MEDIUM] CVE-2024-49407: Improper access control in Samsung Flow prior to version 4.9.15.7 allows physical attackers to acces Improper access control in Samsung Flow prior to version 4.9.15.7 allows physical attackers to access data across multiple user profiles.

CVE-2024-34600 [MEDIUM] CVE-2024-34600: Improper verification of intent by broadcast receiver vulnerability in Samsung Flow prior to version Improper verification of intent by broadcast receiver vulnerability in Samsung Flow prior to version 4.9.13.0 allows local attackers to copy image files to external storage.

CVE-2023-21444 [HIGH] CWE-326 CVE-2023-21444: Improper cryptographic implementation in Samsung Flow for PC 4.9.14.0 allows adjacent attackers to d Improper cryptographic implementation in Samsung Flow for PC 4.9.14.0 allows adjacent attackers to decrypt encrypted messages or inject commands.

CVE-2023-21443 [HIGH] CWE-326 CVE-2023-21443: Improper cryptographic implementation in Samsung Flow for Android prior to version 4.9.04 allows adj Improper cryptographic implementation in Samsung Flow for Android prior to version 4.9.04 allows adjacent attackers to decrypt encrypted messages or inject commands.