MEDIUM🇵🇱 Wersja polska

CVE-2025-20994

CVSS 4.5v3.1pub. 2025-06-04upd. 2025-12-04

Improper handling of insufficient permission in SyncClientProvider in Samsung Internet installed on non-Samsung Device prior to version 28.0.0.59 allows local attackers to access read and write arbitrary files.

CVSS Vector
CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:L
  • Samsung Internet

    APP
    Samsung
    < 28.0.0.59
🔵
CHECK WITH VENDOR
No clear patch data available. Check vendor references.
CWE
References

Related vulnerabilities

CVE-2021-25418HIGH7.8ten sam produkt

Improper component protection vulnerability in Samsung Internet prior to version 14.0.1.62 allows untrusted ap...

CVE-2021-25400HIGH7.8ten sam produkt

Intent redirection vulnerability in Samsung Internet prior to version 14.0.1.20 allows attacker to execute pri...

CVE-2026-21036MEDIUM6.3ten sam produkt

Improper authorization in Samsung Internet prior to version 30.0.0.39 allows local attackers to access sensiti...

CVE-2025-58485MEDIUM5.5ten sam produkt

Improper input validation in Samsung Internet prior to version 29.0.0.48 allows local attackers to inject arbi...

CVE-2025-20995MEDIUM4.9ten sam produkt

Improper handling of insufficient permission in ClientProvider in Samsung Internet installed on non-Samsung De...