Improper Access Control in Samsung Gallery Affects User Data Security
CVE-2025-20966

4.6MEDIUM

Key Information:

Vendor: Samsung
Status: Samsung Gallery
Vendor: CVE Published:; 7 May 2025

What is CVE-2025-20966?

A security flaw in Samsung Gallery prior to specific versions allows physical attackers to exploit insufficient access controls. This vulnerability can lead to unauthorized access to user data across different profiles, posing significant risks to data privacy and security. Users of affected versions should update to mitigate exposure to potential threats.

Affected Version(s)

Samsung Gallery 14.5.10.3 in Global Android 13, 14.5.09.3 in China Android 13, and 15.5.04.5 in Android 14

References

https://security.samsungmobile.com/serviceWeb.smsb?year=2...

CVSS V3.1

Score:

4.6

Severity:

MEDIUM

Confidentiality:

High

Integrity:

None

Availability:

High

Attack Vector:

Physical

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
May 7, 2025
Vulnerability Reserved
Nov 6, 2024