ID

VAR-202504-2622


CVE

CVE-2025-20945


TITLE

Samsung's Wear OS Vulnerability in insecure storage of critical information in

Trust: 0.8

sources: JVNDB: JVNDB-2025-025430

DESCRIPTION

Improper access control in Galaxy Watch prior to SMR Apr-2025 Release 1 allows local attackers to access sensitive information of Galaxy Watch. Information handled by the software is not modified, the software does not stop, and attacks exploiting this vulnerability do not affect other software. Samsung Galaxy Watch is a smartwatch that provides multiple features, including fitness tracking, notifications, and mobile payments. The vulnerability is due to improper access control

Trust: 2.16

sources: NVD: CVE-2025-20945 // JVNDB: JVNDB-2025-025430 // CNVD: CNVD-2025-12693

IOT TAXONOMY

category: ['IoT']
sub_category: -

Trust: 0.6

sources: CNVD: CNVD-2025-12693

AFFECTED PRODUCTS

vendor: samsung
model: wear os
scope: eq
version: 5.0

Trust: 1.0

vendor: Samsung
model: wear os
scope: eq
version: 5.0

Trust: 0.8

vendor: Samsung
model: wear os
scope: eq
version: -

Trust: 0.8

vendor: Samsung
model: wear os
scope: -
version: -

Trust: 0.8

vendor: samsung
model: galaxy watch <smr apr-2025 release
scope: eq
version: 1

Trust: 0.6

sources: CNVD: CNVD-2025-12693 // JVNDB: JVNDB-2025-025430 // NVD: CVE-2025-20945

CVSS

SEVERITY

CVSSV2

CVSSV3

mobile.security@samsung.com: CVE-2025-20945
value: MEDIUM

Trust: 1.0

nvd@nist.gov: CVE-2025-20945
value: MEDIUM

Trust: 1.0

NVD: CVE-2025-20945
value: MEDIUM

Trust: 0.8

CNVD: CNVD-2025-12693
value: LOW

Trust: 0.6

CNVD: CNVD-2025-12693
severity: LOW
baseScore: 2.1
vectorString: AV:L/AC:L/AU:N/C:P/I:N/A:N
accessVector: LOCAL
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 3.9
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

mobile.security@samsung.com: CVE-2025-20945
baseSeverity: MEDIUM
baseScore: 4.0
vectorString: CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
attackVector: LOCAL
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: LOW
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 2.5
impactScore: 1.4
version: 3.1

Trust: 1.0

nvd@nist.gov: CVE-2025-20945
baseSeverity: MEDIUM
baseScore: 6.2
vectorString: CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
attackVector: LOCAL
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 2.5
impactScore: 3.6
version: 3.1

Trust: 1.0

NVD: CVE-2025-20945
baseSeverity: MEDIUM
baseScore: 6.2
vectorString: CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
attackVector: LOCAL
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: CNVD: CNVD-2025-12693 // JVNDB: JVNDB-2025-025430 // NVD: CVE-2025-20945 // NVD: CVE-2025-20945

PROBLEMTYPE DATA

problemtype:CWE-922

Trust: 1.0

problemtype: Insecure storage of important information (CWE-922) [NVD evaluation]

Trust: 0.8

sources: JVNDB: JVNDB-2025-025430 // NVD: CVE-2025-20945

PATCH

title: Security Updates Firmware Updates | Samsung Mobile Security
url: https://security.samsungmobile.com/securityUpdate.smsb?year=2025&month=04

Trust: 0.8

title: Patch for Samsung Galaxy Watch Improper Access Control Vulnerability
url: https://www.cnvd.org.cn/patchInfo/show/698756

Trust: 0.6

sources: CNVD: CNVD-2025-12693 // JVNDB: JVNDB-2025-025430

EXTERNAL IDS

db: NVD
id: CVE-2025-20945

Trust: 3.2

db: JVNDB
id: JVNDB-2025-025430

Trust: 0.8

db: CNVD
id: CNVD-2025-12693

Trust: 0.6

sources: CNVD: CNVD-2025-12693 // JVNDB: JVNDB-2025-025430 // NVD: CVE-2025-20945

REFERENCES

url:https://nvd.nist.gov/vuln/detail/cve-2025-20945

Trust: 1.4

url:https://security.samsungmobile.com/securityupdate.smsb?year=2025&month=04

Trust: 1.0

sources: CNVD: CNVD-2025-12693 // JVNDB: JVNDB-2025-025430 // NVD: CVE-2025-20945

SOURCES

db: CNVD
id: CNVD-2025-12693

db: JVNDB
id: JVNDB-2025-025430

db: NVD
id: CVE-2025-20945

LAST UPDATE DATE

2026-01-29T23:47:09.758000+00:00


SOURCES UPDATE DATE

db: CNVD
id: CNVD-2025-12693
date: 2025-06-17T00:00:00

db: JVNDB
id: JVNDB-2025-025430
date: 2026-01-28T03:37:00

db: NVD
id: CVE-2025-20945
date: 2026-01-27T17:55:02.733

SOURCES RELEASE DATE

db: CNVD
id: CNVD-2025-12693
date: 2025-06-17T00:00:00

db: JVNDB
id: JVNDB-2025-025430
date: 2026-01-28T00:00:00

db: NVD
id: CVE-2025-20945
date: 2025-04-08T05:15:39.037