Details of VAR-202505-0923

ID

VAR-202505-0923

CVE

CVE-2025-20967

TITLE

Samsung's Gallery Unspecified vulnerability in

Trust: 0.8

sources: JVNDB: JVNDB-2025-025627

DESCRIPTION

Improper access control in Samsung Gallery prior to version 14.5.10.3 in Global Android 13, 14.5.09.3 in China Android 13, and 15.5.04.5 in Android 14 allows attackers to read and write arbitrary file with the privilege of Samsung Gallery. All information handled by the software may be rewritten. Furthermore, the software will not stop. Furthermore, attacks that exploit this vulnerability will not affect other software

Trust: 1.62

sources: NVD: CVE-2025-20967 // JVNDB: JVNDB-2025-025627

AFFECTED PRODUCTS

vendor:	samsung	model:	gallery	scope:	lt	version:	15.5.04.5	Trust: 1.0
vendor:	samsung	model:	gallery	scope:	lt	version:	14.5.09.3	Trust: 1.0
vendor:	samsung	model:	gallery	scope:	lt	version:	14.5.10.3	Trust: 1.0
vendor:	サムスン	model:	gallery	scope:	eq	version:	15.5.04.5	Trust: 0.8
vendor:	サムスン	model:	gallery	scope:	eq	version:	14.5.10.3	Trust: 0.8
vendor:	サムスン	model:	gallery	scope:	-	version:	-	Trust: 0.8
vendor:	サムスン	model:	gallery	scope:	eq	version:	14.5.09.3	Trust: 0.8
vendor:	サムスン	model:	gallery	scope:	eq	version:	-	Trust: 0.8

sources: JVNDB: JVNDB-2025-025627 // NVD: CVE-2025-20967

CVSS

SEVERITY

CVSSV2

CVSSV3

mobile.security@samsung.com:	CVE-2025-20967
value:	MEDIUM
Trust: 1.0
nvd@nist.gov:	CVE-2025-20967
value:	CRITICAL
Trust: 1.0
NVD:	CVE-2025-20967
value:	CRITICAL
Trust: 0.8

mobile.security@samsung.com:	CVE-2025-20967
baseSeverity:	MEDIUM
baseScore:	5.1
vectorString:	CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N
attackVector:	LOCAL
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	LOW
integrityImpact:	LOW
availabilityImpact:	NONE
exploitabilityScore:	2.5
impactScore:	2.5
version:	3.1
Trust: 1.0
nvd@nist.gov:	CVE-2025-20967
baseSeverity:	CRITICAL
baseScore:	9.1
vectorString:	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	HIGH
availabilityImpact:	NONE
exploitabilityScore:	3.9
impactScore:	5.2
version:	3.1
Trust: 1.0
NVD:	CVE-2025-20967
baseSeverity:	CRITICAL
baseScore:	9.1
vectorString:	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	HIGH
availabilityImpact:	NONE
exploitabilityScore:	NONE
impactScore:	NONE
version:	3.0
Trust: 0.8

sources: JVNDB: JVNDB-2025-025627 // NVD: CVE-2025-20967 // NVD: CVE-2025-20967

PROBLEMTYPE DATA

problemtype:	NVD-CWE-noinfo	Trust: 1.0
problemtype:	Lack of information (CWE-noinfo) [NVD evaluation ]	Trust: 0.8

sources: JVNDB: JVNDB-2025-025627 // NVD: CVE-2025-20967

PATCH

title:

Security Updates Other Updates | Samsung Mobile Security

url:

https://security.samsungmobile.com/serviceWeb.smsb?year=2025&month=05

Trust: 0.8

sources: JVNDB: JVNDB-2025-025627

EXTERNAL IDS

db:	NVD	id:	CVE-2025-20967	Trust: 2.6
db:	JVNDB	id:	JVNDB-2025-025627	Trust: 0.8

sources: JVNDB: JVNDB-2025-025627 // NVD: CVE-2025-20967

REFERENCES

url:	https://security.samsungmobile.com/serviceweb.smsb?year=2025&month=05	Trust: 1.0
url:	https://nvd.nist.gov/vuln/detail/cve-2025-20967	Trust: 0.8

sources: JVNDB: JVNDB-2025-025627 // NVD: CVE-2025-20967

SOURCES

db:	JVNDB	id:	JVNDB-2025-025627
db:	NVD	id:	CVE-2025-20967

LAST UPDATE DATE

2026-02-03T23:34:44.372000+00:00

SOURCES UPDATE DATE

db:	JVNDB	id:	JVNDB-2025-025627	date:	2026-02-02T10:26:00
db:	NVD	id:	CVE-2025-20967	date:	2026-01-30T21:18:34.967

SOURCES RELEASE DATE

db:	JVNDB	id:	JVNDB-2025-025627	date:	2026-02-02T00:00:00
db:	NVD	id:	CVE-2025-20967	date:	2025-05-07T09:15:17.027