Improper Access Control in Samsung Email by Samsung
CVE-2025-20894

4.6MEDIUM

Key Information:

Vendor: Samsung
Status: Samsung Email
Vendor: CVE Published:; 4 February 2025

Summary

A vulnerability in Samsung Email prior to version 6.1.97.1 allows physical attackers to gain unauthorized access to sensitive information across multiple user profiles. This issue poses a significant risk to user data security, as it enables malicious individuals to exploit the existing access controls, leading to potential data breaches and privacy violations.

Affected Version(s)

Samsung Email 6.1.97.1

References

https://security.samsungmobile.com/serviceWeb.smsb?year=2...

CVSS V3.1

Score:

4.6

Severity:

MEDIUM

Confidentiality:

High

Integrity:

None

Availability:

High

Attack Vector:

Physical

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Feb 4, 2025
Vulnerability Reserved
Nov 6, 2024