Improper Access Control in NotificationManager Affects Samsung Devices
CVE-2025-20893

5.1MEDIUM

Key Information:

Vendor: Samsung
Status: Samsung Devices
Vendor: CVE Published:; 4 February 2025

Summary

The NotificationManager in Samsung devices prior to the SMR January 2025 Release 1 is vulnerable to improper access control, potentially allowing local attackers to modify notification configurations. This vulnerability could lead to unauthorized changes, impacting the integrity of notifications and user awareness.

Affected Version(s)

Samsung Mobile Devices SMR Jan-2025 Release in Android 14

References

https://security.samsungmobile.com/securityUpdate.smsb?ye...

CVSS V3.1

Score:

5.1

Severity:

MEDIUM

Confidentiality:

None

Integrity:

Low

Availability:

None

Attack Vector:

Local

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Feb 4, 2025
Vulnerability Reserved
Nov 6, 2024