Improper Verification of Intent in Galaxy Store by Samsung
CVE-2025-20951

5.1MEDIUM

Key Information:

Vendor: Samsung
Status: Galaxy Store
Vendor: CVE Published:; 8 April 2025

Summary

The Galaxy Store by Samsung contains a vulnerability that arises from improper verification of intent within its broadcast receiver. This security flaw enables local attackers to exploit the vulnerability, allowing them to write arbitrary files with the privileges of the Galaxy Store. This could result in unauthorized data manipulation or system compromise by executing code or commands that should not be allowed, affecting the integrity of the device's security.

Affected Version(s)

Galaxy Store 4.5.90.7

References

https://security.samsungmobile.com/serviceWeb.smsb?year=2...

CVSS V3.1

Score:

5.1

Severity:

MEDIUM

Confidentiality:

None

Integrity:

Low

Availability:

None

Attack Vector:

Local

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Apr 8, 2025
Vulnerability Reserved
Nov 6, 2024