Sensitive Information Disclosure in EasySetup by Samsung
CVE-2025-20896

4MEDIUM

Key Information:

Vendor: Samsung
Status: Easysetup
Vendor: CVE Published:; 4 February 2025

What is CVE-2025-20896?

The vulnerability in EasySetup prior to version 11.1.18 arises from the use of implicit intents, which can be exploited by local attackers to gain unauthorized access to sensitive information. This can lead to potentially serious privacy and security risks, as attackers may retrieve data that should remain protected. It is essential for users of affected versions to apply the relevant updates to safeguard their sensitive information.

Affected Version(s)

EasySetup 11.1.18

References

https://security.samsungmobile.com/serviceWeb.smsb?year=2...

CVSS V3.1

Score:

Severity:

MEDIUM

Confidentiality:

Low

Integrity:

None

Availability:

Low

Attack Vector:

Local

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Feb 4, 2025
Vulnerability Reserved
Nov 6, 2024