CVE-2025-20984
Unknown
Unknown - Not Provided
BaseFortify
Publication date: 2025-06-04
Last updated on: 2026-02-02
Assigner: Samsung Mobile
Description
Description
Incorrect default permission in Samsung Cloud for Galaxy Watch prior to SMR Jun-2025 Release 1 allows local attackers to access data in Samsung Cloud for Galaxy Watch.
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| samsung | wear_os | 5.0 |
Helpful Resources
Exploitability
CWE
KEV
| CWE ID | Description |
|---|---|
| CWE-276 | During installation, installed file permissions are set to allow anyone to modify those files. |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability is due to incorrect default permissions in Samsung Cloud for Galaxy Watch versions prior to the SMR Jun-2025 Release 1. It allows local attackers to access data stored in Samsung Cloud for Galaxy Watch without proper authorization.
How can this vulnerability impact me? :
The vulnerability can lead to unauthorized local access to your data stored in Samsung Cloud for Galaxy Watch, potentially exposing sensitive information and compromising data confidentiality and integrity.
Ask Our AI Assistant
Need more information? Ask your question to get an AI reply (Powered by our expertise)
0/70