Security Flaw in Samsung Device Settings Allows Local Access to Sensitive Information
CVE-2025-20909

4MEDIUM

Key Information:

Vendor

Samsung

Vendor
CVE Published:
6 March 2025

What is CVE-2025-20909?

A significant security issue has been identified in Samsung mobile devices, allowing local attackers to exploit implicit intents within device settings. This vulnerability enables unauthorized access to sensitive information prior to the SMR Mar-2025 Release 1, posing a risk to user data and privacy. Stakeholders are advised to explore updated security measures and apply the latest firmware patches to mitigate this risk.

Affected Version(s)

Samsung Mobile Devices SMR Mar-2025 Release in Android 14

References

CVSS V3.1

Score:
4
Severity:
MEDIUM
Confidentiality:
Low
Integrity:
None
Availability:
Low
Attack Vector:
Local
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.
CVE-2025-20909 : Security Flaw in Samsung Device Settings Allows Local Access to Sensitive Information