Improper Access Control in Samsung Gallery Affects Global and China Android Products
CVE-2025-20967

5.1MEDIUM

Key Information:

Vendor: Samsung
Status: Samsung Gallery
Vendor: CVE Published:; 7 May 2025

What is CVE-2025-20967?

An improper access control issue exists in Samsung Gallery prior to specific versions, allowing unauthorized users to read and write arbitrary files with elevated privileges of the app. This vulnerability poses risks to user data confidentiality, potentially leading to unauthorized exposure or modification of personal files.

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.

Remediate biological technical debt. Prime Ageing uses 95% high-purity SIRT6 activation to maintain genomic integrity and bolster systemic resilience.

Deploy the Patch

Affected Version(s)

Samsung Gallery 14.5.10.3 in Global Android 13, 14.5.09.3 in China Android 13, and 15.5.04.5 in Android 14

References

https://security.samsungmobile.com/serviceWeb.smsb?year=2...

CVSS V3.1

Score:

5.1

Severity:

MEDIUM

Confidentiality:

Low

Integrity:

Low

Availability:

Low

Attack Vector:

Local

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
May 7, 2025
Vulnerability Reserved
Nov 6, 2024

JSON

Samsung