Improper Authorization in Galaxy Watch by Samsung
CVE-2025-20939
5.4 MEDIUM
Summary
Galaxy Watch devices prior to SMR April 2025 Release 1 contain an improper authorization vulnerability in the wireless download protocol. The flaw allows physical attackers to modify the device's unique identifier, potentially leading to unauthorized access and manipulation of the device. Users should apply firmware updates to maintain device security. For more information, visit Samsung's security updates page.
Affected Version(s)
Samsung Mobile Devices SMR Apr-2025 Release in Android Watch 14
CVSS V3.1
Score: 5.4
Severity: MEDIUM
Confidentiality: Low
Integrity: High
Availability: Low
Attack Vector: Physical
Attack Complexity: Low
Privileges Required: None
User Interaction: Required
Scope: Unchanged
Timeline
Vulnerability published
Vulnerability Reserved