Path Traversal Vulnerability in Samsung Members by Samsung
CVE-2025-20949

9.1CRITICAL

Key Information:

Vendor: Samsung
Status: Samsung Members
Vendor: CVE Published:; 7 May 2025

What is CVE-2025-20949?

A path traversal vulnerability exists in Samsung Members prior to version 5.0.00.11, allowing attackers to exploit the file access controls. This flaw enables unauthorized users to read and write arbitrary files with privileges associated with the Samsung Members application, which may lead to sensitive information disclosure or manipulation on affected devices.

Affected Version(s)

Samsung Members 5.0.00.11

References

https://security.samsungmobile.com/serviceWeb.smsb?year=2...

CVSS V3.1

Score:

9.1

Severity:

CRITICAL

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
May 7, 2025
Vulnerability Reserved
Nov 6, 2024