CVE-2025-20972

Summary

Improper verification of intent by broadcast receiver in Samsung Flow prior to version 4.9.17.6 allows local attackers to modify Samsung Flow configuration.

Affected Software

VendorProductVersion RangeStatus
Samsung MobileSamsung Flow4.9.17.6unaffected

Weaknesses

  • CWE-925: Improper Verification of Intent by Broadcast Receiver

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: partial

References