← Back

CVE-2025-20912

nvd nist
Published: Mar 6, 2025Modified: Feb 2, 2026

JSON object

Loading...
6.2
Vector
CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Exploitability: 2.5 / Impact: 3.6
Source: mobile.security@samsung.com (Secondary)

Description

Incorrect default permission in DiagMonAgent prior to SMR Mar-2025 Release 1 allows local attackers to access data within Galaxy Watch.

Affected (1)

Products: Samsung: Wear Os
Samsung
1 product
Wear Os
Configuration A
1 vulnerable · 10 platform
Vulnerable SoftwareAffected Versions
Wear Os
Version 5.0
Running on/withPlatform Versions
Samsung
Galaxy Watch
All versions
Samsung
Galaxy Watch 4
All versions
Samsung
Galaxy Watch 4 Classic
All versions
Samsung
Galaxy Watch 5
All versions
Samsung
Galaxy Watch 5 Pro
All versions
Samsung
Galaxy Watch 6
All versions
Samsung
Galaxy Watch 6 Classic
All versions
Samsung
Galaxy Watch 7
All versions
Samsung
Galaxy Watch Fe
All versions
Samsung
Galaxy Watch Ultra
All versions

Related CWEs

CWE-922
Insecure Storage of Sensitive Information
The product stores sensitive information without properly limiting read or write access by unauthorized actors.

References (1)

Source: mobile.security@samsung.com
Vendor Advisory

Timeline

No history available yet.