Out-of-Bounds Write Vulnerability in Samsung Mobile Software
CVE-2025-20890

7HIGH

Key Information:

Vendor: Samsung
Status: Samsung Devices
Vendor: CVE Published:; 4 February 2025

Summary

An out-of-bounds write vulnerability in the libsthmbc.so component prior to the SMR Jan-2025 Release 1 allows local attackers to exploit the system by executing arbitrary code. This flaw necessitates user interaction to trigger, posing a significant risk to systems using the affected version. Users are advised to update their software to mitigate potential exploitation.

Affected Version(s)

Samsung Mobile Devices SMR Jan-2025 Release in Android 12, 13, 14

References

https://security.samsungmobile.com/securityUpdate.smsb?ye...

CVSS V3.1

Score:

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Local

Attack Complexity:

High

Privileges Required:

None

User Interaction:

Required

Scope:

Unchanged

Timeline

Vulnerability published
Feb 4, 2025
Vulnerability Reserved
Nov 6, 2024