Incorrect Default Permission in DiagMonAgent Affects Galaxy Watch by Samsung
CVE-2025-20912

6.2MEDIUM

Key Information:

Vendor: Samsung
Status: Samsung Devices
Vendor: CVE Published:; 6 March 2025

Summary

A security vulnerability present in the DiagMonAgent prior to SMR Mar-2025 Release 1 allows local attackers to exploit incorrect default permissions. This oversight permits unauthorized access to sensitive data on Galaxy Watch devices, potentially compromising user privacy and personal information. Prompt updates and security measures are crucial to mitigate risks associated with this vulnerability.

Affected Version(s)

Samsung Mobile Devices SMR Mar-2025 Release in Android Watch 14

References

https://security.samsungmobile.com/securityUpdate.smsb?ye...

CVSS V3.1

Score:

6.2

Severity:

MEDIUM

Confidentiality:

High

Integrity:

None

Availability:

High

Attack Vector:

Local

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Mar 6, 2025
Vulnerability Reserved
Nov 6, 2024