Insufficient Permission Vulnerability in Samsung Bixby Wakeup
CVE-2025-20965

5.5MEDIUM

Key Information:

Vendor: Samsung
Status: Voice Wake-up
Vendor: CVE Published:; 7 May 2025

What is CVE-2025-20965?

The Bixby application prior to version 2.3.74.8 has a vulnerability due to improper handling of insufficient permissions. This flaw can potentially allow local attackers to exploit the system to gain unauthorized access to sensitive data, heightening the risk of information leakage and privacy breaches.

Affected Version(s)

Voice wake-up 2.3.74.8

References

https://security.samsungmobile.com/serviceWeb.smsb?year=2...

CVSS V3.1

Score:

5.5

Severity:

MEDIUM

Confidentiality:

High

Integrity:

None

Availability:

High

Attack Vector:

Local

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
May 7, 2025
Vulnerability Reserved
Nov 6, 2024