Out-of-bounds Read Vulnerability in Samsung Bootloader
CVE-2025-58476

4.2MEDIUM

Key Information:

Vendor: Samsung
Status: Samsung Devices
Vendor: CVE Published:; 2 December 2025

What is CVE-2025-58476?

A vulnerability in the Samsung bootloader prior to the SMR Dec-2025 Release 1 allows physical attackers to exploit out-of-bounds memory access, potentially leading to unauthorized data exposure. This can compromise the integrity and confidentiality of sensitive information stored within the device.

Affected Version(s)

Samsung Mobile Devices SMR Dec-2025 Release in Selected Android 13, 14, 15, 16

References

https://security.samsungmobile.com/securityUpdate.smsb?ye...

CVSS V3.1

Score:

4.2

Severity:

MEDIUM

Confidentiality:

High

Integrity:

None

Availability:

High

Attack Vector:

Physical

Attack Complexity:

High

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Dec 2, 2025
Vulnerability Reserved
Sep 3, 2025

JSON