Improper Permission Handling in Samsung Device Health Manager Service
CVE-2025-20940

4MEDIUM

Key Information:

Vendor
Samsung
Status
Samsung Devices
Vendor
CVE Published:
8 April 2025

Summary

The Samsung Device Health Manager Service, prior to SMR Apr-2025 Release 1, has a flaw that allows local attackers to exploit improper handling of insufficient permissions. This vulnerability enables unauthorized access to sensitive data within the service, raising significant security concerns regarding the integrity of device health management functionalities.

Affected Version(s)

Samsung Mobile Devices SMR Apr-2025 Release in Android Watch 14

References

https://security.samsungmobile.com/securityUpdate.smsb?ye...

CVSS V3.1

Score:
4
Severity:
MEDIUM
Confidentiality:
None
Integrity:
Low
Availability:
None
Attack Vector:
Local
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.