Improper Access Control in PENUP Affects Samsung Mobile Devices
CVE-2025-20978

6.2MEDIUM

Key Information:

Vendor: Samsung
Status: Penup
Vendor: CVE Published:; 7 May 2025

What is CVE-2025-20978?

An access control flaw has been discovered in PENUP prior to version 3.9.19.32, which allows local attackers with PENUP privileges to access sensitive files. This vulnerability poses a significant risk as it enables unauthorized users to exploit the application, potentially leading to data breaches or unintentional exposure of confidential information. Users of affected versions are strongly advised to update to the latest release to mitigate potential risks.

Affected Version(s)

PENUP 3.9.19.32

References

https://security.samsungmobile.com/serviceWeb.smsb?year=2...

CVSS V3.1

Score:

6.2

Severity:

MEDIUM

Confidentiality:

None

Integrity:

High

Availability:

None

Attack Vector:

Local

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
May 7, 2025
Vulnerability Reserved
Nov 6, 2024