CVE-2025-20975

Summary

Improper Export of Android Application Components in AODService prior to version 8.8.28.12 allows local attackers to launch arbitrary activity with systemui privilege.

Affected Software

VendorProductVersion RangeStatus
Samsung MobileAODService8.8.28.12unaffected

Weaknesses

  • CWE-926: Improper Export of Android Application Components

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: partial

References