Improper Access Control in Samsung Gallery Affects Global and China Android Products
CVE-2025-20967

5.1MEDIUM

Key Information:

Vendor: Samsung
Status: Samsung Gallery
Vendor: CVE Published:; 7 May 2025

What is CVE-2025-20967?

An improper access control issue exists in Samsung Gallery prior to specific versions, allowing unauthorized users to read and write arbitrary files with elevated privileges of the app. This vulnerability poses risks to user data confidentiality, potentially leading to unauthorized exposure or modification of personal files.

Affected Version(s)

Samsung Gallery 14.5.10.3 in Global Android 13, 14.5.09.3 in China Android 13, and 15.5.04.5 in Android 14

References

https://security.samsungmobile.com/serviceWeb.smsb?year=2...

CVSS V3.1

Score:

5.1

Severity:

MEDIUM

Confidentiality:

Low

Integrity:

Low

Availability:

Low

Attack Vector:

Local

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
May 7, 2025
Vulnerability Reserved
Nov 6, 2024