Improper Access Control in SmartManagerCN by Samsung
CVE-2025-20953

4.4MEDIUM

Key Information:

Vendor: Samsung
Status: Samsung Devices
Vendor: CVE Published:; 7 May 2025

What is CVE-2025-20953?

The SmartManagerCN application developed by Samsung contains an improper access control vulnerability that allows local attackers to execute unauthorized activities before the SMR May-2025 Release 1. This flaw poses significant security risks, enabling malicious users to manipulate or access sensitive data within the application. Users are advised to update to the latest version following the release to mitigate these risks.

Affected Version(s)

Samsung Mobile Devices SMR May-2025 Release in Android 13, 14, 15

References

https://security.samsungmobile.com/securityUpdate.smsb?ye...

CVSS V3.1

Score:

4.4

Severity:

MEDIUM

Confidentiality:

Low

Integrity:

Low

Availability:

Low

Attack Vector:

Local

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
May 7, 2025
Vulnerability Reserved
Nov 6, 2024