Improper Intent Verification Vulnerability in Samsung DeviceIdService
CVE-2025-20942

4.4MEDIUM

Key Information:

Vendor: Samsung
Status: Samsung Devices
Vendor: CVE Published:; 8 April 2025

Summary

A vulnerability in Samsung's DeviceIdService allows local attackers to manipulate the system by improperly verifying intents. This flaw enables unauthorized access to reset the OAID (Open Anonymous Device Identifier), potentially compromising user privacy. Users and administrators should apply the latest security updates to mitigate this issue.

Affected Version(s)

Samsung Mobile Devices SMR Apr-2025 Release in Select Android 13, 14, 15 devices

References

https://security.samsungmobile.com/securityUpdate.smsb?ye...

CVSS V3.1

Score:

4.4

Severity:

MEDIUM

Confidentiality:

None

Integrity:

Low

Availability:

None

Attack Vector:

Local

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Apr 8, 2025
Vulnerability Reserved
Nov 6, 2024