CVE-2025-20966

Published: May 7, 2025Modified: Jan 30, 2026

4.6

Vector

CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Exploitability: 0.9 / Impact: 3.6

Source: mobile.security@samsung.com (Secondary)

Description

Improper access control in Samsung Gallery prior to version 14.5.10.3 in Global Android 13, 14.5.09.3 in China Android 13, and 15.5.04.5 in Android 14 allows physical attackers to access data across multiple user profiles.

Affected (3)

Products: Samsung: Gallery

Samsung

1 product

Gallery

Configuration A

1 vulnerable

Vulnerable Software	Affected Versions
Samsung Gallery	Before 14.5.10.3

Configuration B

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Samsung Gallery	Before 14.5.09.3

Running on/with	Platform Versions
Samsung Android	Version 13.0

Configuration C

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Samsung Gallery	Before 15.5.04.5

Running on/with	Platform Versions
Samsung Android	Version 14.0

References (1)

https://security.samsungmobile.com/serviceWeb.smsb?year=2025&month=05

Source: mobile.security@samsung.com

Vendor Advisory

Timeline

No history available yet.