Details of VAR-202505-1157

ID

VAR-202505-1157

CVE

CVE-2025-20966

TITLE

Samsung's Gallery Unspecified vulnerability in

Trust: 0.8

sources: JVNDB: JVNDB-2025-025628

DESCRIPTION

Improper access control in Samsung Gallery prior to version 14.5.10.3 in Global Android 13, 14.5.09.3 in China Android 13, and 15.5.04.5 in Android 14 allows physical attackers to access data across multiple user profiles. In addition, information handled by the software will not be rewritten. Furthermore, the software will not stop. Furthermore, attacks exploiting this vulnerability will not affect other software

Trust: 1.62

sources: NVD: CVE-2025-20966 // JVNDB: JVNDB-2025-025628

AFFECTED PRODUCTS

vendor:	samsung	model:	gallery	scope:	lt	version:	15.5.04.5	Trust: 1.0
vendor:	samsung	model:	gallery	scope:	lt	version:	14.5.09.3	Trust: 1.0
vendor:	samsung	model:	gallery	scope:	lt	version:	14.5.10.3	Trust: 1.0
vendor:	サムスン	model:	gallery	scope:	eq	version:	15.5.04.5	Trust: 0.8
vendor:	サムスン	model:	gallery	scope:	eq	version:	14.5.10.3	Trust: 0.8
vendor:	サムスン	model:	gallery	scope:	-	version:	-	Trust: 0.8
vendor:	サムスン	model:	gallery	scope:	eq	version:	14.5.09.3	Trust: 0.8
vendor:	サムスン	model:	gallery	scope:	eq	version:	-	Trust: 0.8

sources: JVNDB: JVNDB-2025-025628 // NVD: CVE-2025-20966

CVSS

SEVERITY

CVSSV2

CVSSV3

mobile.security@samsung.com:	CVE-2025-20966
value:	MEDIUM
Trust: 1.0
OTHER:	JVNDB-2025-025628
value:	MEDIUM
Trust: 0.8

mobile.security@samsung.com:	CVE-2025-20966
baseSeverity:	MEDIUM
baseScore:	4.6
vectorString:	CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
attackVector:	PHYSICAL
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	0.9
impactScore:	3.6
version:	3.1
Trust: 1.0
OTHER:	JVNDB-2025-025628
baseSeverity:	MEDIUM
baseScore:	4.6
vectorString:	CVSS:3.0/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
attackVector:	PHYSICAL
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	NONE
impactScore:	NONE
version:	3.0
Trust: 0.8

sources: JVNDB: JVNDB-2025-025628 // NVD: CVE-2025-20966

PROBLEMTYPE DATA

problemtype:	NVD-CWE-noinfo	Trust: 1.0
problemtype:	Lack of information (CWE-noinfo) [NVD evaluation ]	Trust: 0.8

sources: JVNDB: JVNDB-2025-025628 // NVD: CVE-2025-20966

PATCH

title:

Security Updates Other Updates | Samsung Mobile Security

url:

https://security.samsungmobile.com/serviceWeb.smsb?year=2025&month=05

Trust: 0.8

sources: JVNDB: JVNDB-2025-025628

EXTERNAL IDS

db:	NVD	id:	CVE-2025-20966	Trust: 2.6
db:	JVNDB	id:	JVNDB-2025-025628	Trust: 0.8

sources: JVNDB: JVNDB-2025-025628 // NVD: CVE-2025-20966

REFERENCES

url:	https://security.samsungmobile.com/serviceweb.smsb?year=2025&month=05	Trust: 1.0
url:	https://nvd.nist.gov/vuln/detail/cve-2025-20966	Trust: 0.8

sources: JVNDB: JVNDB-2025-025628 // NVD: CVE-2025-20966

SOURCES

db:	JVNDB	id:	JVNDB-2025-025628
db:	NVD	id:	CVE-2025-20966

LAST UPDATE DATE

2026-02-03T23:31:27.328000+00:00

SOURCES UPDATE DATE

db:	JVNDB	id:	JVNDB-2025-025628	date:	2026-02-02T10:26:00
db:	NVD	id:	CVE-2025-20966	date:	2026-01-30T21:18:51.750

SOURCES RELEASE DATE

db:	JVNDB	id:	JVNDB-2025-025628	date:	2026-02-02T00:00:00
db:	NVD	id:	CVE-2025-20966	date:	2025-05-07T09:15:16.890