CVE-2025-20994
Analyzed
Analyzed - Analysis Complete
BaseFortify
Publication date: 2025-06-04
Last updated on: 2025-12-04
Assigner: Samsung Mobile
Description
Description
Improper handling of insufficient permission in SyncClientProvider in Samsung Internet installed on non-Samsung Device prior to version 28.0.0.59 allows local attackers to access read and write arbitrary files.
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| samsung | internet | to 28.0.0.59 (exc) |
Helpful Resources
Exploitability
CWE
KEV
| CWE ID | Description |
|---|---|
| CWE-NVD-CWE-Other |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability is due to improper handling of insufficient permissions in the SyncClientProvider component of Samsung Internet browser installed on non-Samsung devices prior to version 28.0.0.59. It allows local attackers to read and write arbitrary files on the affected device.
How can this vulnerability impact me? :
An attacker with local access to the device could exploit this vulnerability to read and modify arbitrary files, potentially leading to data leakage, data corruption, or unauthorized changes to the system or user data.
Ask Our AI Assistant
Need more information? Ask your question to get an AI reply (Powered by our expertise)
0/70