Improper Permission Handling in Sepunion Service by Samsung
CVE-2025-20961

5.5MEDIUM

Key Information:

Vendor: Samsung
Status: Samsung Devices
Vendor: CVE Published:; 7 May 2025

What is CVE-2025-20961?

A vulnerability in the Sepunion service from Samsung prior to the SMR May-2025 Release 1 allows local attackers to exploit improper permissions handling. This weakness opens the door for unauthorized access to sensitive files, potentially granting attackers elevated capabilities within the system.

Affected Version(s)

Samsung Mobile Devices SMR May-2025 Release in Android 13, 14, 15

References

https://security.samsungmobile.com/securityUpdate.smsb?ye...

CVSS V3.1

Score:

5.5

Severity:

MEDIUM

Confidentiality:

High

Integrity:

None

Availability:

High

Attack Vector:

Local

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

Required

Scope:

Unchanged

Timeline

Vulnerability published
May 7, 2025
Vulnerability Reserved
Nov 6, 2024