Improper Permission Handling in PackageInstallerCN Affects Samsung Devices
CVE-2025-20974

6.1 MEDIUM

Key Information:

Vendor: Samsung
CVE Published: 7 May 2025

What is CVE-2025-20974?

The PackageInstallerCN component improperly handles insufficient permissions, which could allow a local attacker to perform an installation without the required user interaction. This weakness can lead to unauthorized software being installed, potentially compromising device security. Users should update to version 15.0.11.0 or later to mitigate this risk.

Affected Version(s)

PackageInstallerCN 15.0.11.0

CVSS V3.1

Score: 6.1
Severity: MEDIUM
Confidentiality: High
Integrity: Low
Availability: High
Attack Vector: Local
Attack Complexity: Low
Privileges Required: Low
User Interaction: None
Scope: Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved
