Improper Access Control in Samsung Mobile Products
CVE-2022-39888

4.3MEDIUM

Key Information:

Vendor: Samsung
Status: Samsung Devices
Vendor: CVE Published:; 4 September 2025

What is CVE-2022-39888?

An improper access control vulnerability exists in the retrieveExternalProxy function within the MiscPolicy prior to the SMR November 2022 Release 1. This flaw enables a local attacker to gain unauthorized access to sensitive Proxy information, potentially compromising the security of affected Samsung Mobile products. It highlights the importance of timely updates and security patches to protect against such vulnerabilities.

Affected Version(s)

Samsung Mobile Devices SMR Nov-2022 Release in Q(10), R(11), S(12)

References

https://security.samsungmobile.com/securityUpdate.smsb?ye...

CVSS V3.1

Score:

4.3

Severity:

MEDIUM

Confidentiality:

None

Integrity:

Low

Availability:

None

Attack Vector:

Local

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Changed

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Sep 4, 2025
Vulnerability Reserved
Sep 5, 2022