Improper Export Vulnerability in AODService by Samsung
CVE-2025-20975

5.5MEDIUM

Key Information:

Vendor: Samsung
Status: Aodservice
Vendor: CVE Published:; 7 May 2025

What is CVE-2025-20975?

An improper export vulnerability exists in AODService, allowing local attackers to launch arbitrary activities with elevated systemui privileges. This exposure can lead to unauthorized actions on devices running versions prior to 8.8.28.12, highlighting the importance of securing application components to mitigate risks of exploitation.

Affected Version(s)

AODService 8.8.28.12

References

https://security.samsungmobile.com/serviceWeb.smsb?year=2...

CVSS V3.1

Score:

5.5

Severity:

MEDIUM

Confidentiality:

High

Integrity:

None

Availability:

High

Attack Vector:

Local

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
May 7, 2025
Vulnerability Reserved
Nov 6, 2024