Details of VAR-202505-1564

ID

VAR-202505-1564

CVE

CVE-2025-20969

TITLE

Samsung's Gallery Unspecified vulnerability in

Trust: 0.8

sources: JVNDB: JVNDB-2025-025625

DESCRIPTION

Improper input validation in Samsung Gallery prior to version 14.5.10.3 in Global Android 13, 14.5.09.3 in China Android 13, and 15.5.04.5 in Android 14 allows local attackers to access data within Samsung Gallery. In addition, information handled by the software will not be rewritten. Furthermore, the software will not stop. Furthermore, attacks exploiting this vulnerability will not affect other software

Trust: 1.62

sources: NVD: CVE-2025-20969 // JVNDB: JVNDB-2025-025625

AFFECTED PRODUCTS

vendor:	samsung	model:	gallery	scope:	lt	version:	15.5.04.5	Trust: 1.0
vendor:	samsung	model:	gallery	scope:	lt	version:	14.5.09.3	Trust: 1.0
vendor:	samsung	model:	gallery	scope:	lt	version:	14.5.10.3	Trust: 1.0
vendor:	サムスン	model:	gallery	scope:	eq	version:	15.5.04.5	Trust: 0.8
vendor:	サムスン	model:	gallery	scope:	eq	version:	14.5.10.3	Trust: 0.8
vendor:	サムスン	model:	gallery	scope:	-	version:	-	Trust: 0.8
vendor:	サムスン	model:	gallery	scope:	eq	version:	14.5.09.3	Trust: 0.8
vendor:	サムスン	model:	gallery	scope:	eq	version:	-	Trust: 0.8

sources: JVNDB: JVNDB-2025-025625 // NVD: CVE-2025-20969

CVSS

SEVERITY

CVSSV2

CVSSV3

mobile.security@samsung.com:	CVE-2025-20969
value:	MEDIUM
Trust: 1.0
OTHER:	JVNDB-2025-025625
value:	MEDIUM
Trust: 0.8

mobile.security@samsung.com:	CVE-2025-20969
baseSeverity:	MEDIUM
baseScore:	5.5
vectorString:	CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
attackVector:	LOCAL
attackComplexity:	LOW
privilegesRequired:	LOW
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	1.8
impactScore:	3.6
version:	3.1
Trust: 1.0
OTHER:	JVNDB-2025-025625
baseSeverity:	MEDIUM
baseScore:	5.5
vectorString:	CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
attackVector:	LOCAL
attackComplexity:	LOW
privilegesRequired:	LOW
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	NONE
impactScore:	NONE
version:	3.0
Trust: 0.8

sources: JVNDB: JVNDB-2025-025625 // NVD: CVE-2025-20969

PROBLEMTYPE DATA

problemtype:	NVD-CWE-noinfo	Trust: 1.0
problemtype:	Lack of information (CWE-noinfo) [NVD evaluation ]	Trust: 0.8

sources: JVNDB: JVNDB-2025-025625 // NVD: CVE-2025-20969

PATCH

title:

Security Updates Other Updates | Samsung Mobile Security

url:

https://security.samsungmobile.com/serviceWeb.smsb?year=2025&month=05

Trust: 0.8

sources: JVNDB: JVNDB-2025-025625

EXTERNAL IDS

db:	NVD	id:	CVE-2025-20969	Trust: 2.6
db:	JVNDB	id:	JVNDB-2025-025625	Trust: 0.8

sources: JVNDB: JVNDB-2025-025625 // NVD: CVE-2025-20969

REFERENCES

url:	https://security.samsungmobile.com/serviceweb.smsb?year=2025&month=05	Trust: 1.0
url:	https://nvd.nist.gov/vuln/detail/cve-2025-20969	Trust: 0.8

sources: JVNDB: JVNDB-2025-025625 // NVD: CVE-2025-20969

SOURCES

db:	JVNDB	id:	JVNDB-2025-025625
db:	NVD	id:	CVE-2025-20969

LAST UPDATE DATE

2026-02-03T23:35:42.549000+00:00

SOURCES UPDATE DATE

db:	JVNDB	id:	JVNDB-2025-025625	date:	2026-02-02T10:26:00
db:	NVD	id:	CVE-2025-20969	date:	2026-01-30T21:17:31.707

SOURCES RELEASE DATE

db:	JVNDB	id:	JVNDB-2025-025625	date:	2026-02-02T00:00:00
db:	NVD	id:	CVE-2025-20969	date:	2025-05-07T09:15:17.280