Security Vulnerabilities - CVEs Published In December 2025
Improper export of android application components in Galaxy Store for Galaxy Watch prior to version 1.0.06.29 allows local attacker to install arbitrary application on Galaxy Store.
CVSS Score
5.9
EPSS Score
0.0
Published
2025-12-02
Improper input validation in Samsung Internet prior to version 29.0.0.48 allows local attackers to inject arbitrary script.
CVSS Score
5.5
EPSS Score
0.0
Published
2025-12-02
Improper input validation in Samsung Account prior to version 15.5.01.1 allows local attacker to execute arbitrary script.
CVSS Score
4.0
EPSS Score
0.0
Published
2025-12-02
Improper authorization in Samsung Account prior to version 15.5.01.1 allows local attacker to launch arbitrary activity with Samsung Account privilege.
CVSS Score
4.0
EPSS Score
0.0
Published
2025-12-02
Improper verification of source of a communication channel in SmartTouchCall prior to version 1.0.1.1 allows remote attackers to access sensitive information. User interaction is required for triggering this vulnerability.
CVSS Score
4.5
EPSS Score
0.0
Published
2025-12-02
Improper input validation in libsec-ril.so prior to SMR Dec-2025 Release 1 allows local privileged attackers to write out-of-bounds memory.
CVSS Score
5.6
EPSS Score
0.0
Published
2025-12-02
Out-of-bounds read vulnerability in bootloader prior to SMR Dec-2025 Release 1 allows physical attackers to access out-of-bounds memory.
CVSS Score
4.2
EPSS Score
0.0
Published
2025-12-02
Out-of-bounds write in parsing IFD tag in libimagecodec.quram.so prior to SMR Dec-2025 Release 1 allows remote attackers to access out-of-bounds memory.
CVSS Score
4.3
EPSS Score
0.0
Published
2025-12-02
Out-of-bounds write in libimagecodec.quram.so prior to SMR Dec-2025 Release 1 allows remote attackers to access out-of-bounds memory.
CVSS Score
4.3
EPSS Score
0.0
Published
2025-12-02
Out-of-bounds read in libimagecodec.quram.so prior to SMR Dec-2025 Release 1 allows remote attackers to access out-of-bounds memory.
CVSS Score
4.3
EPSS Score
0.0
Published
2025-12-02