Improper Access Control Vulnerability in Samsung Messaging Application
CVE-2025-20884

4.6MEDIUM

Key Information:

Vendor: Samsung
Status: Samsung Devices
Vendor: CVE Published:; 4 February 2025

Summary

An improper access control vulnerability exists in the Samsung Messaging application, affecting versions prior to the SMR Jan-2025 Release 1. This flaw enables physical attackers to gain unauthorized access to data across multiple user profiles, posing a significant security risk to user privacy and data integrity. Users are advised to update their messaging app to the latest version to mitigate this vulnerability.

Affected Version(s)

Samsung Mobile Devices SMR Jan-2025 Release in Android 12, 13, 14

References

https://security.samsungmobile.com/securityUpdate.smsb?ye...

CVSS V3.1

Score:

4.6

Severity:

MEDIUM

Confidentiality:

High

Integrity:

None

Availability:

High

Attack Vector:

Physical

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Feb 4, 2025
Vulnerability Reserved
Nov 6, 2024