Improper Input Validation in Samsung Flow Affects Data Security
CVE-2025-20971

5.5MEDIUM

Key Information:

Vendor: Samsung
Status: Samsung Flow
Vendor: CVE Published:; 7 May 2025

What is CVE-2025-20971?

Improper input validation in Samsung Flow versions prior to 4.9.17.6 enables local attackers to exploit the vulnerability and gain unauthorized access to sensitive data stored within the application. This flaw emphasizes the need for robust security measures to protect against potential data breaches and unauthorized access by maintaining updated software versions.

Affected Version(s)

Samsung Flow 4.9.17.6

References

https://security.samsungmobile.com/serviceWeb.smsb?year=2...

CVSS V3.1

Score:

5.5

Severity:

MEDIUM

Confidentiality:

High

Integrity:

None

Availability:

High

Attack Vector:

Local

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
May 7, 2025
Vulnerability Reserved
Nov 6, 2024