Details of VAR-202505-0572

ID

VAR-202505-0572

CVE

CVE-2025-20968

TITLE

Samsung's Gallery Unspecified vulnerability in

Trust: 0.8

sources: JVNDB: JVNDB-2025-025626

DESCRIPTION

Improper access control in Samsung Gallery prior to version 14.5.10.3 in Global Android 13, 14.5.09.3 in China Android 13, and 15.5.04.5 in Android 14 allows remote attackers to access data and perform internal operations within Samsung Gallery. All information handled by the software may be rewritten. Furthermore, the software will not stop. Furthermore, attacks that exploit this vulnerability will not affect other software

Trust: 1.62

sources: NVD: CVE-2025-20968 // JVNDB: JVNDB-2025-025626

AFFECTED PRODUCTS

vendor:	samsung	model:	gallery	scope:	lt	version:	15.5.04.5	Trust: 1.0
vendor:	samsung	model:	gallery	scope:	lt	version:	14.5.09.3	Trust: 1.0
vendor:	samsung	model:	gallery	scope:	lt	version:	14.5.10.3	Trust: 1.0
vendor:	サムスン	model:	gallery	scope:	eq	version:	15.5.04.5	Trust: 0.8
vendor:	サムスン	model:	gallery	scope:	eq	version:	14.5.10.3	Trust: 0.8
vendor:	サムスン	model:	gallery	scope:	-	version:	-	Trust: 0.8
vendor:	サムスン	model:	gallery	scope:	eq	version:	14.5.09.3	Trust: 0.8
vendor:	サムスン	model:	gallery	scope:	eq	version:	-	Trust: 0.8

sources: JVNDB: JVNDB-2025-025626 // NVD: CVE-2025-20968

CVSS

SEVERITY

CVSSV2

CVSSV3

mobile.security@samsung.com:	CVE-2025-20968
value:	HIGH
Trust: 1.0
nvd@nist.gov:	CVE-2025-20968
value:	CRITICAL
Trust: 1.0
NVD:	CVE-2025-20968
value:	CRITICAL
Trust: 0.8

mobile.security@samsung.com:	CVE-2025-20968
baseSeverity:	HIGH
baseScore:	7.2
vectorString:	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:N
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	NONE
scope:	CHANGED
confidentialityImpact:	LOW
integrityImpact:	LOW
availabilityImpact:	NONE
exploitabilityScore:	3.9
impactScore:	2.7
version:	3.1
Trust: 1.0
nvd@nist.gov:	CVE-2025-20968
baseSeverity:	CRITICAL
baseScore:	9.1
vectorString:	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	HIGH
availabilityImpact:	NONE
exploitabilityScore:	3.9
impactScore:	5.2
version:	3.1
Trust: 1.0
NVD:	CVE-2025-20968
baseSeverity:	CRITICAL
baseScore:	9.1
vectorString:	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	HIGH
availabilityImpact:	NONE
exploitabilityScore:	NONE
impactScore:	NONE
version:	3.0
Trust: 0.8

sources: JVNDB: JVNDB-2025-025626 // NVD: CVE-2025-20968 // NVD: CVE-2025-20968

PROBLEMTYPE DATA

problemtype:	NVD-CWE-noinfo	Trust: 1.0
problemtype:	Lack of information (CWE-noinfo) [NVD evaluation ]	Trust: 0.8

sources: JVNDB: JVNDB-2025-025626 // NVD: CVE-2025-20968

PATCH

title:

Security Updates Other Updates | Samsung Mobile Security

url:

https://security.samsungmobile.com/serviceWeb.smsb?year=2025&month=05

Trust: 0.8

sources: JVNDB: JVNDB-2025-025626

EXTERNAL IDS

db:	NVD	id:	CVE-2025-20968	Trust: 2.6
db:	JVNDB	id:	JVNDB-2025-025626	Trust: 0.8

sources: JVNDB: JVNDB-2025-025626 // NVD: CVE-2025-20968

REFERENCES

url:	https://security.samsungmobile.com/serviceweb.smsb?year=2025&month=05	Trust: 1.0
url:	https://nvd.nist.gov/vuln/detail/cve-2025-20968	Trust: 0.8

sources: JVNDB: JVNDB-2025-025626 // NVD: CVE-2025-20968

SOURCES

db:	JVNDB	id:	JVNDB-2025-025626
db:	NVD	id:	CVE-2025-20968

LAST UPDATE DATE

2026-02-04T23:17:34.188000+00:00

SOURCES UPDATE DATE

db:	JVNDB	id:	JVNDB-2025-025626	date:	2026-02-02T10:26:00
db:	NVD	id:	CVE-2025-20968	date:	2026-01-30T21:17:56.700

SOURCES RELEASE DATE

db:	JVNDB	id:	JVNDB-2025-025626	date:	2026-02-02T00:00:00
db:	NVD	id:	CVE-2025-20968	date:	2025-05-07T09:15:17.153