CVE-2025-20899

Summary

Improper access control in PushNotification prior to version 13.0.00.15 in Android 12, 14.0.00.7 in Android 13, and 15.1.00.5 in Android 14 allows local attackers to access sensitive information.

Affected Software

VendorProductVersion RangeStatus
Samsung MobilePushNotification13.0.00.15 in Android 12, 14.0.00.7 in Android 13, 15.1.00.5 in Android 14unaffected

Weaknesses

  • CWE-284: Improper Access Control

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: partial

References