Improper Access Control in Samsung Gallery by Samsung
CVE-2025-20968

7.2HIGH

Key Information:

Vendor: Samsung
Status: Samsung Gallery
Vendor: CVE Published:; 7 May 2025

What is CVE-2025-20968?

The Samsung Gallery application suffers from improper access control specifically affecting several versions across Android platforms. This vulnerability allows remote attackers to exploit the application, gaining unauthorized access to sensitive user data and executing internal operations that should otherwise be restricted. The affected versions include those prior to 14.5.10.3 for Global Android 13, 14.5.09.3 for China Android 13, and 15.5.04.5 for Android 14. It is crucial for users to update their applications to safeguard against potential data breaches.

Affected Version(s)

Samsung Gallery 14.5.10.3 in Global Android 13, 14.5.09.3 in China Android 13, and 15.5.04.5 in Android 14

References

https://security.samsungmobile.com/serviceWeb.smsb?year=2...

CVSS V3.1

Score:

7.2

Severity:

HIGH

Confidentiality:

Low

Integrity:

Low

Availability:

Low

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Changed

Timeline

Vulnerability published
May 7, 2025
Vulnerability Reserved
Nov 6, 2024