Improper Access Control in Samsung Secure Folder on Android Devices
CVE-2025-20897

6.8MEDIUM

Key Information:

Vendor: Samsung
Status: Secure Folder
Vendor: CVE Published:; 4 February 2025

What is CVE-2025-20897?

An improper access control vulnerability exists in Samsung's Secure Folder across multiple Android versions. This flaw allows local attackers to gain unauthorized access to sensitive data stored within the Secure Folder, compromising user privacy and data integrity. The issue is present in versions released before specific updates for Android 12, 13, and 14, making it crucial for users to ensure they are using the latest version to mitigate potential risks.

Affected Version(s)

Secure Folder 1.9.20.50 in Android 14, 1.8.11.0 in Android 13, and 1.7.04.0 in Android 12

References

https://security.samsungmobile.com/serviceWeb.smsb?year=2...

CVSS V3.1

Score:

6.8

Severity:

MEDIUM

Confidentiality:

High

Integrity:

Low

Availability:

High

Attack Vector:

Local

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Feb 4, 2025
Vulnerability Reserved
Nov 6, 2024