CVE-2025-20968

Improper access control in Samsung Gallery prior to version 14.5.10.3 in Global Android 13, 14.5.09.3 in China Android 13, and 15.5.04.5 in Android 14 allows remote attackers to access data and perform internal operations within Samsung Gallery.

CVSS v3 7.2 HIGH

7.2^/10

CVSS v3 : HIGH

Vector :

Exploitability : 3.9 / Impact : 2.7

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required NONE

User Interaction NONE

Confidentiality Impact LOW

Integrity Impact LOW

Availability Impact NONE

Scope CHANGED

References

Link	Resource
https://security.samsungmobile.com/serviceWeb.smsb?year=2025&month=05	Vendor Advisory

Configurations

Configuration 1 (hide)

AND

cpe:2.3:a:samsung:gallery:*:*:*:*:*:*:*:*

cpe:2.3:o:samsung:android:13.0:-:*:*:*:*:*:*

Configuration 2 (hide)

AND

cpe:2.3:a:samsung:gallery:*:*:*:*:*:*:*:*

cpe:2.3:o:samsung:android:13.0:-:*:*:*:*:*:*

Configuration 3 (hide)

AND

cpe:2.3:a:samsung:gallery:*:*:*:*:*:*:*:*

cpe:2.3:o:samsung:android:14.0:-:*:*:*:*:*:*

History

30 Jan 2026, 21:17

Type	Values Removed	Values Added
CWE		NVD-CWE-noinfo
References	~~() https://security.samsungmobile.com/serviceWeb.smsb?year=2025&month=05 -~~	() https://security.samsungmobile.com/serviceWeb.smsb?year=2025&month=05 - Vendor Advisory
Summary		(es) El control de acceso inadecuado en Samsung Gallery anterior a la versión 14.5.10.3 en Android 13 global, 14.5.09.3 en Android 13 de China y 15.5.04.5 en Android 14 permite a atacantes remotos acceder a datos y realizar operaciones internas dentro de Samsung Gallery.
CPE		cpe:2.3:a:samsung:gallery:::::::: cpe:2.3:o:samsung:android:13.0:-:::::: cpe:2.3:o:samsung:android:14.0:-::::::
First Time		Samsung android Samsung Samsung gallery

07 May 2025, 09:15

Type	Values Removed	Values Added
New CVE

Information

Published : 2025-05-07 09:15

Updated : 2026-01-30 21:17

NVD link : CVE-2025-20968

Mitre link : CVE-2025-20968

CVE.ORG link : CVE-2025-20968

JSON object : View

Products Affected

samsung

android
gallery

CWE

NVD-CWE-noinfo

{"id": "CVE-2025-20968", "cveTags": [], "metrics": {"cvssMetricV31": [{"type": "Secondary", "source": "mobile.security@samsung.com", "cvssData": {"scope": "CHANGED", "version": "3.1", "baseScore": 7.2, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:N", "integrityImpact": "LOW", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "NONE", "confidentialityImpact": "LOW"}, "impactScore": 2.7, "exploitabilityScore": 3.9}, {"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 9.1, "attackVector": "NETWORK", "baseSeverity": "CRITICAL", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}, "impactScore": 5.2, "exploitabilityScore": 3.9}]}, "published": "2025-05-07T09:15:17.153", "references": [{"url": "https://security.samsungmobile.com/serviceWeb.smsb?year=2025&month=05", "tags": ["Vendor Advisory"], "source": "mobile.security@samsung.com"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "NVD-CWE-noinfo"}]}], "descriptions": [{"lang": "en", "value": "Improper access control in Samsung Gallery prior to version 14.5.10.3 in Global Android 13, 14.5.09.3 in China Android 13, and 15.5.04.5 in Android 14 allows remote attackers to access data and perform internal operations within Samsung Gallery."}, {"lang": "es", "value": "El control de acceso inadecuado en Samsung Gallery anterior a la versi\u00f3n 14.5.10.3 en Android 13 global, 14.5.09.3 en Android 13 de China y 15.5.04.5 en Android 14 permite a atacantes remotos acceder a datos y realizar operaciones internas dentro de Samsung Gallery."}], "lastModified": "2026-01-30T21:17:56.700", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:samsung:gallery:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "28877662-92A8-4181-A5E9-74736DD5B4C2", "versionEndExcluding": "14.5.10.3"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:samsung:android:13.0:-:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "A123EDB1-3048-44B0-8D4D-39A2B24B5F6B"}], "operator": "OR"}], "operator": "AND"}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:samsung:gallery:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "BB92B731-E746-45E3-8F77-3A7D493DAE22", "versionEndExcluding": "14.5.09.3"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:samsung:android:13.0:-:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "A123EDB1-3048-44B0-8D4D-39A2B24B5F6B"}], "operator": "OR"}], "operator": "AND"}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:samsung:gallery:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "641CF996-B1E2-4E3A-971B-A108E4412308", "versionEndExcluding": "15.5.04.5"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:samsung:android:14.0:-:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "3093F6FE-C562-4F62-97B7-CA0D2DDF9BBE"}], "operator": "OR"}], "operator": "AND"}], "sourceIdentifier": "mobile.security@samsung.com"}