Use After Free Vulnerability in Samsung rLottie
CVE-2025-0634

5.1MEDIUM

Key Information:

Vendor: Samsung Open Source
Status: Rlottie
Vendor: CVE Published:; 30 June 2025

🔔 Create Samsung Open Source Vulnerability Alert

What is CVE-2025-0634?

A use after free vulnerability has been identified in Samsung's open-source rLottie library, which could allow for remote code inclusion. This flaw could potentially allow an attacker to exploit certain conditions in the software, leading to unauthorized code execution on affected systems. The affected version is rLottie V0.2, making it crucial for users to review their implementations and apply necessary security measures.

Affected Version(s)

rLottie V0.2

References

https://github.com/Samsung/rlottie/pull/571

CVSS V4

Score:

5.1

Severity:

MEDIUM

Confidentiality:

Low

Integrity:

Low

Availability:

Low

Attack Vector:

Network

Attack Complexity:

Low

Attack Required:

None

Privileges Required:

Undefined

User Interaction:

Unknown

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Jun 30, 2025
Vulnerability Reserved
Jan 22, 2025

Credit

Meta Product Security