Sensitive Information Exposure in SoftSIM TA for Samsung Devices
CVE-2025-20886

4.1MEDIUM

Key Information:

Vendor: Samsung
Status: Samsung Devices
Vendor: CVE Published:; 4 February 2025

Summary

The SoftSIM Trusted Application (TA) released by Samsung prior to the January 2025 Security Maintenance Release (SMR) contains a vulnerability that allows local privileged attackers to access sensitive test keys. This situation arises from the inclusion of confidential information in test code, which could potentially compromise the integrity and security of affected devices. Users are advised to update their systems promptly to mitigate this risk.

Affected Version(s)

Samsung Mobile Devices SMR Jan-2025 Release in Select Android 12, 13, 14 devices

References

https://security.samsungmobile.com/securityUpdate.smsb?ye...

CVSS V3.1

Score:

4.1

Severity:

MEDIUM

Confidentiality:

High

Integrity:

None

Availability:

High

Attack Vector:

Local

Attack Complexity:

High

Privileges Required:

High

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Feb 4, 2025
Vulnerability Reserved
Nov 6, 2024