CVE-2025-20951 | THREATINT

Description

Improper verification of intent by broadcast receiver vulnerability in Galaxy Store prior to version 4.5.90.7 allows local attackers to write arbitrary files with the privilege of Galaxy Store.

PUBLISHED Reserved 2024-11-06 | Published 2025-04-08 | Updated 2025-04-08 | Assigner SamsungMobile

MEDIUM: 5.1CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L

Problem types

CWE-925 : Improper Verification of Intent by Broadcast Receiver

Product status

Default status

affected

4.5.90.7

unaffected

References

security.samsungmobile.com/...iceWeb.smsb?year=2025&month=04

cve.org (CVE-2025-20951)

nvd.nist.gov (CVE-2025-20951)

Download JSON