CVE-2025-20951

Summary

Improper verification of intent by broadcast receiver vulnerability in Galaxy Store prior to version 4.5.90.7 allows local attackers to write arbitrary files with the privilege of Galaxy Store.

Affected Software

VendorProductVersion RangeStatus
Samsung MobileGalaxy Store4.5.90.7unaffected

Weaknesses

  • CWE-925 : Improper Verification of Intent by Broadcast Receiver

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: partial

References