CVE-2025-20970

Improper access control in Bixby Vision prior to version 3.8.1 in Android 13, 3.8.3 in Android 14, 3.8.21 in Android 15 allows local attackers to access image files with Bixby Vision privilege.

CVSS v3 6.2 MEDIUM

6.2^/10

CVSS v3 : MEDIUM

V3 Legend

Vector :

Exploitability : 2.5 / Impact : 3.6

Attack Vector LOCAL

Attack Complexity LOW

Privileges Required NONE

User Interaction NONE

Confidentiality Impact NONE

Integrity Impact HIGH

Availability Impact NONE

Scope UNCHANGED

References

Link	Resource
https://security.samsungmobile.com/serviceWeb.smsb?year=2025&month=05

Configurations

No configuration.

History

07 May 2025, 09:15

Type	Values Removed	Values Added
New CVE

Information

Published : 2025-05-07 09:15

Updated : 2025-05-07 14:13

NVD link : CVE-2025-20970

Mitre link : CVE-2025-20970

CVE.ORG link : CVE-2025-20970

JSON object : View

Products Affected

No product.

CWE

No CWE.

6.2 /10