Sign-up

ID

VAR-202502-0737


CVE

CVE-2025-20895


DESCRIPTION

Authentication Bypass Using an Alternate Path in Galaxy Store prior to version 4.5.87.6 allows physical attackers to install arbitrary applications to bypass restrictions of Setupwizard.

Trust: 1.0

sources: NVD: CVE-2025-20895

AFFECTED PRODUCTS

vendor:samsungmodel:galaxy storescope:ltversion:4.5.87.6

Trust: 1.0

sources: NVD: CVE-2025-20895

CVSS

SEVERITY

CVSSV2

CVSSV3

mobile.security@samsung.com: CVE-2025-20895
value: LOW

Trust: 1.0

nvd@nist.gov: CVE-2025-20895
value: MEDIUM

Trust: 1.0

mobile.security@samsung.com: CVE-2025-20895
baseSeverity: LOW
baseScore: 3.2
vectorString: CVSS:3.1/AV:P/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N
attackVector: PHYSICAL
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: REQUIRED
scope: UNCHANGED
confidentialityImpact: LOW
integrityImpact: LOW
availabilityImpact: NONE
exploitabilityScore: 0.7
impactScore: 2.5
version: 3.1

Trust: 1.0

nvd@nist.gov: CVE-2025-20895
baseSeverity: MEDIUM
baseScore: 4.6
vectorString: CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
attackVector: PHYSICAL
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: NONE
integrityImpact: HIGH
availabilityImpact: NONE
exploitabilityScore: 0.9
impactScore: 3.6
version: 3.1

Trust: 1.0

sources: NVD: CVE-2025-20895 // NVD: CVE-2025-20895

PROBLEMTYPE DATA

problemtype:NVD-CWE-Other

Trust: 1.0

sources: NVD: CVE-2025-20895

EXTERNAL IDS

db:NVDid:CVE-2025-20895

Trust: 1.0

sources: NVD: CVE-2025-20895

REFERENCES

url:https://security.samsungmobile.com/serviceweb.smsb?year=2025&month=01

Trust: 1.0

sources: NVD: CVE-2025-20895

SOURCES

db:NVDid:CVE-2025-20895

LAST UPDATE DATE

2025-07-18T23:26:40.939000+00:00


SOURCES UPDATE DATE

db:NVDid:CVE-2025-20895date:2025-07-17T20:05:48.647

SOURCES RELEASE DATE

db:NVDid:CVE-2025-20895date:2025-02-04T08:15:30.827