ID

VAR-202504-2032


CVE

CVE-2025-20951


DESCRIPTION

Improper verification of intent by broadcast receiver vulnerability in Galaxy Store prior to version 4.5.90.7 allows local attackers to write arbitrary files with the privilege of Galaxy Store.

Trust: 1.0

sources: NVD: CVE-2025-20951

AFFECTED PRODUCTS

vendor: samsung
model: galaxy store
scope: lt
version: 4.5.90.7

Trust: 1.0

sources: NVD: CVE-2025-20951

CVSS

SEVERITY

CVSSV2

CVSSV3

mobile.security@samsung.com: CVE-2025-20951
value: MEDIUM

Trust: 1.0

nvd@nist.gov: CVE-2025-20951
value: MEDIUM

Trust: 1.0

mobile.security@samsung.com: CVE-2025-20951
baseSeverity: MEDIUM
baseScore: 5.1
vectorString: CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L
attackVector: LOCAL
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: NONE
integrityImpact: LOW
availabilityImpact: LOW
exploitabilityScore: 2.5
impactScore: 2.5
version: 3.1

Trust: 1.0

nvd@nist.gov: CVE-2025-20951
baseSeverity: MEDIUM
baseScore: 5.5
vectorString: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N
attackVector: LOCAL
attackComplexity: LOW
privilegesRequired: LOW
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: NONE
integrityImpact: HIGH
availabilityImpact: NONE
exploitabilityScore: 1.8
impactScore: 3.6
version: 3.1

Trust: 1.0

sources: NVD: CVE-2025-20951 // NVD: CVE-2025-20951

PROBLEMTYPE DATA

problemtype: NVD-CWE-Other

Trust: 1.0

sources: NVD: CVE-2025-20951

EXTERNAL IDS

db: NVD
id: CVE-2025-20951

Trust: 1.0

sources: NVD: CVE-2025-20951

REFERENCES

url: https://security.samsungmobile.com/serviceweb.smsb?year=2025&month=04

Trust: 1.0

sources: NVD: CVE-2025-20951

SOURCES

db: NVD
id: CVE-2025-20951

LAST UPDATE DATE

2025-07-18T23:03:21.617000+00:00


SOURCES UPDATE DATE

db: NVD
id: CVE-2025-20951
date: 2025-07-17T18:16:16.397

SOURCES RELEASE DATE

db: NVD
id: CVE-2025-20951
date: 2025-04-08T05:15:39.647