Improper Access Control in Samsung Fingerprint Trustlet
CVE-2025-20987

5.2MEDIUM

Key Information:

Vendor: Samsung
Status: Samsung Devices
Vendor: CVE Published:; 4 June 2025

What is CVE-2025-20987?

An improper access control vulnerability exists in the fingerprint trustlet of Samsung devices, allowing local privileged attackers to exploit the flaw and obtain an authentication token. This can potentially allow unauthorized access to sensitive data and compromise the device's security. Keeping devices updated with the latest security releases is crucial to mitigate risks associated with such vulnerabilities.

Affected Version(s)

Samsung Mobile Devices SMR Jun-2025 Release in Android 13, 14, 15

References

https://security.samsungmobile.com/securityUpdate.smsb?ye...

CVSS V3.1

Score:

5.2

Severity:

MEDIUM

Confidentiality:

High

Integrity:

Low

Availability:

High

Attack Vector:

Local

Attack Complexity:

High

Privileges Required:

High

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Jun 4, 2025
Vulnerability Reserved
Nov 6, 2024