CVE-2025-20970 | THREATINT

Description

Improper access control in Bixby Vision prior to version 3.8.1 in Android 13, 3.8.3 in Android 14, 3.8.21 in Android 15 allows local attackers to access image files with Bixby Vision privilege.

Reserved 2024-11-06 | Published 2025-05-07 | Updated 2025-05-07 | Assigner SamsungMobile

MEDIUM: 6.2CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

Problem types

CWE-284 Improper Access Control

Product status

Default status

affected

3.8.1 in Android 13, 3.8.3 in Android 14, 3.8.21 in Android 15

unaffected

References

security.samsungmobile.com/...iceWeb.smsb?year=2025&month=05

cve.org (CVE-2025-20970)

nvd.nist.gov (CVE-2025-20970)

Download JSON