Improper Input Validation in Samsung Gallery Affects Android Products by Samsung
CVE-2025-20969

5.5MEDIUM

Key Information:

Vendor: Samsung
Status: Samsung Gallery
Vendor: CVE Published:; 7 May 2025

What is CVE-2025-20969?

An input validation flaw in the Samsung Gallery application prior to specified versions on Android 13 and 14 allows local attackers to gain unauthorized access to sensitive data stored within the app. This security oversight highlights the need for rigorous input validation mechanisms to prevent unauthorized data exploitation.

Affected Version(s)

Samsung Gallery 14.5.10.3 in Global Android 13, 14.5.09.3 in China Android 13, and 15.5.04.5 in Android 14

References

https://security.samsungmobile.com/serviceWeb.smsb?year=2...

CVSS V3.1

Score:

5.5

Severity:

MEDIUM

Confidentiality:

High

Integrity:

None

Availability:

High

Attack Vector:

Local

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
May 7, 2025
Vulnerability Reserved
Nov 6, 2024