Improper Access Control in SoundPicker by Samsung
CVE-2025-20883

4.6MEDIUM

Key Information:

Vendor: Samsung
Status: Samsung Devices
Vendor: CVE Published:; 4 February 2025

Summary

The SoundPicker application from Samsung has a security flaw that enables physical attackers to improperly access sensitive data across multiple user profiles. This flaw exists in versions released before the SMR January 2025 Release 1, highlighting the importance of maintaining up-to-date software to mitigate potential risks associated with unauthorized data access.

Affected Version(s)

Samsung Mobile Devices SMR Jan-2025 Release in Android 12, 13, 14

References

https://security.samsungmobile.com/securityUpdate.smsb?ye...

CVSS V3.1

Score:

4.6

Severity:

MEDIUM

Confidentiality:

High

Integrity:

None

Availability:

High

Attack Vector:

Physical

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Feb 4, 2025
Vulnerability Reserved
Nov 6, 2024