CVE-2025-20994

Summary

Improper handling of insufficient permission in SyncClientProvider in Samsung Internet installed on non-Samsung Device prior to version 28.0.0.59 allows local attackers to access read and write arbitrary files.

Affected Software

VendorProductVersion RangeStatus
Samsung MobileSamsung Internet28.0.0.59unaffected

Weaknesses

  • CWE-276: Incorrect Default Permissions

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: partial

References