CVEDB API

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2025-20994

Improper handling of insufficient permission in SyncClientProvider in Samsung Internet installed on non-Samsung Device prior to version 28.0.0.59 allows local attackers to access read and write arbitrary files.

Exploit prediction scoring system (EPSS) score

EPSS Score 0.0

EPSS Ranking 1.0%

CVSS Severity

CVSS v3 Score 4.5

References

https://security.samsungmobile.com/serviceWeb.smsb?year=2025&month=06

Products affected by CVE-2025-20994

Samsung » Internet » Version: N/A

cpe:2.3:a:samsung:internet:-
Samsung » Internet » Version: 13.2.1.46

cpe:2.3:a:samsung:internet:13.2.1.46
Samsung » Internet » Version: 13.2.1.70

cpe:2.3:a:samsung:internet:13.2.1.70
Samsung » Internet » Version: 14.0.1.20

cpe:2.3:a:samsung:internet:14.0.1.20
Samsung » Internet » Version: 14.0.1.62

cpe:2.3:a:samsung:internet:14.0.1.62
Samsung » Internet » Version: 16.0.6.23

cpe:2.3:a:samsung:internet:16.0.6.23
Samsung » Internet » Version: 24.0

cpe:2.3:a:samsung:internet:24.0
Samsung » Internet » Version: 24.0.0.41

cpe:2.3:a:samsung:internet:24.0.0.41
Samsung » Internet » Version: 24.0.3.2

cpe:2.3:a:samsung:internet:24.0.3.2
Samsung » Internet » Version: 25.0.0.41

cpe:2.3:a:samsung:internet:25.0.0.41
Samsung » Internet » Version: 5.0.9

cpe:2.3:a:samsung:internet:5.0.9

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2025-20994

Products

Pricing

Contact Us