CVE-2025-20973 | THREATINT

Description

Improper authentication in Secure Folder prior to version 1.8.12.0 in Android 13, and 1.9.21.00 in Android 14 allows physical attackers to reset the lock type of Secure Folder.

PUBLISHED Reserved 2024-11-06 | Published 2025-05-07 | Updated 2025-05-07 | Assigner SamsungMobile

MEDIUM: 5.4CVSS:3.1/AV:P/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:N

Problem types

CWE-287 Improper Authentication

Product status

Default status

affected

1.8.12.0 in Android 13, and 1.9.21.00 in Android 14

unaffected

References

security.samsungmobile.com/...iceWeb.smsb?year=2025&month=05

cve.org (CVE-2025-20973)

nvd.nist.gov (CVE-2025-20973)

Download JSON