CVE-2025-20974 | THREATINT

Description

Improper handling of insufficient permission in PackageInstallerCN prior to version 15.0.11.0 allows local attacker to bypass user interaction for requested installation.

PUBLISHED Reserved 2024-11-06 | Published 2025-05-07 | Updated 2025-05-07 | Assigner SamsungMobile

MEDIUM: 6.1CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:N

Problem types

CWE-280: Improper Handling of Insufficient Permissions or Privileges

Product status

Default status

affected

15.0.11.0

unaffected

References

security.samsungmobile.com/...iceWeb.smsb?year=2025&month=05

cve.org (CVE-2025-20974)

nvd.nist.gov (CVE-2025-20974)

Download JSON