CVE-2025-20966

Improper access control in Samsung Gallery prior to version 14.5.10.3 in Global Android 13, 14.5.09.3 in China Android 13, and 15.5.04.5 in Android 14 allows physical attackers to access data across multiple user profiles.

CVSS v3 4.6 MEDIUM

4.6^/10

CVSS v3 : MEDIUM

Vector :

Exploitability : 0.9 / Impact : 3.6

Attack Vector PHYSICAL

Attack Complexity LOW

Privileges Required NONE

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact NONE

Availability Impact NONE

Scope UNCHANGED

References

Link	Resource
https://security.samsungmobile.com/serviceWeb.smsb?year=2025&month=05	Vendor Advisory

Configurations

Configuration 1 (hide)

AND

cpe:2.3:a:samsung:gallery:*:*:*:*:*:*:*:*

cpe:2.3:o:samsung:android:13.0:-:*:*:*:*:*:*

Configuration 2 (hide)

AND

cpe:2.3:a:samsung:gallery:*:*:*:*:*:*:*:*

cpe:2.3:o:samsung:android:13.0:-:*:*:*:*:*:*

Configuration 3 (hide)

AND

cpe:2.3:a:samsung:gallery:*:*:*:*:*:*:*:*

cpe:2.3:o:samsung:android:14.0:-:*:*:*:*:*:*

History

No history.

Information

Published : 2025-05-07 09:15

Updated : 2026-01-30 21:18

NVD link : CVE-2025-20966

Mitre link : CVE-2025-20966

CVE.ORG link : CVE-2025-20966

JSON object : View

Products Affected

samsung

android
gallery

CWE

NVD-CWE-noinfo

{"id": "CVE-2025-20966", "cveTags": [], "metrics": {"cvssMetricV31": [{"type": "Secondary", "source": "mobile.security@samsung.com", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 4.6, "attackVector": "PHYSICAL", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}, "impactScore": 3.6, "exploitabilityScore": 0.9}]}, "published": "2025-05-07T09:15:16.890", "references": [{"url": "https://security.samsungmobile.com/serviceWeb.smsb?year=2025&month=05", "tags": ["Vendor Advisory"], "source": "mobile.security@samsung.com"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "NVD-CWE-noinfo"}]}], "descriptions": [{"lang": "en", "value": "Improper access control in Samsung Gallery prior to version 14.5.10.3 in Global Android 13, 14.5.09.3 in China Android 13, and 15.5.04.5 in Android 14 allows physical attackers to access data across multiple user profiles."}, {"lang": "es", "value": "El control de acceso inadecuado en Samsung Gallery anterior a la versi\u00f3n 14.5.10.3 en Android 13 global, 14.5.09.3 en Android 13 de China y 15.5.04.5 en Android 14 permite que atacantes f\u00edsicos accedan a datos en m\u00faltiples perfiles de usuario."}], "lastModified": "2026-01-30T21:18:51.750", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:samsung:gallery:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "28877662-92A8-4181-A5E9-74736DD5B4C2", "versionEndExcluding": "14.5.10.3"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:samsung:android:13.0:-:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "A123EDB1-3048-44B0-8D4D-39A2B24B5F6B"}], "operator": "OR"}], "operator": "AND"}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:samsung:gallery:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "BB92B731-E746-45E3-8F77-3A7D493DAE22", "versionEndExcluding": "14.5.09.3"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:samsung:android:13.0:-:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "A123EDB1-3048-44B0-8D4D-39A2B24B5F6B"}], "operator": "OR"}], "operator": "AND"}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:samsung:gallery:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "641CF996-B1E2-4E3A-971B-A108E4412308", "versionEndExcluding": "15.5.04.5"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:samsung:android:14.0:-:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "3093F6FE-C562-4F62-97B7-CA0D2DDF9BBE"}], "operator": "OR"}], "operator": "AND"}], "sourceIdentifier": "mobile.security@samsung.com"}