close

Samsung Mobile Security and Cookies

Our site uses essential cookies only. You can read our Privacy Policy and Cookie Policy for more information.

close

Samsung Mobile Security
Cookie Policy

Updated on Jan 17, 2022

This Cookie Policy describes the different types of cookies that may be used in connection with Samsung Mobile Security website which is owned and controlled by Samsung Electronics Co., Ltd (“Samsung Electronics”). This Cookie Policy also describes how you can manage cookies.

It’s important that you check back often for updates to the Policy as we may change it from time to time to reflect changes to our use of cookies. Please check the date at the top of this page to see when this Policy was last revised. Any changes to this Policy will become effective when we make the revised Policy available on our website.

Samsung Electronics has offices across Europe, so we can ensure that your request or query will be handled by the data protection team based in your region. If you have any questions, the easiest way to contact us is through our Privacy Support Page at https://www.samsung.com/request-desk.

You can also contact us at:

European Data Protection Officer
Samsung Electronics (UK) Limited
Samsung House, 2000 Hillswood Drive, Chertsey, Surrey KT16 0RS

Cookies

Cookies are small files that store information on your computer, TV, mobile phone, or other device. They enable the entity that put the cookie on your device to recognize you across different websites, services, devices, and/or browsing sessions.

We use the following types of cookies on this website:

Essential Cookies: enable you to receive the services you request via our website. Without these cookies, services that you have asked for cannot be provided. For example, these enable to identify users and provide proper service for each user. These cookies are automatically enabled and cannot be turned off because they are essential to enable you to browse our website. Without these cookies this Samsung Mobile Security website could not be provided.

Cookie Domain Purpose
JSESSIONID security.samsungmobile.com to keep login session
lastActivityTime security.samsungmobile.com to save the user's last activity time to automatically logout after 30 minutes of inactivity

Managing Cookies and Other Technologies

You can also update your browser settings at any time, if you want to remove or block cookies from your device (consult your browser's "help" menu to learn how to remove or block cookies). Samsung Electronics is not responsible for your browser settings. You can find good and simple instructions on how to manage cookies on the different types of web browsers at http://www.allaboutcookies.org.

Go straight to the menu Go straight to the text
Home>Security Updates>Other Updates

Security Updates

2025Open selected window by year

Close selected window by year
January March April May

We truly appreciate the following security researchers for helping us improve the security of our mobile applications, wearable devices and personal computers. We would like to thank them for disclosing the vulnerability reports responsibly and working with us throughout the process.

Please note that while we are doing our best to release the security patches as soon as possible to all applicable devices and services, release time of security patches may vary depending on the device version and models or service versions.


Android Applications Updates

SVE-2024-0972(CVE-2025-20949): Path traversal vulnerability in Samsung Members

Severity: Moderate
Resolved version: 5.0.00.11
Reported on: April 20, 2024
Description: Path traversal vulnerability in Samsung Members prior to version 5.0.00.11 allows attackers to read and write arbitrary file with the privilege of Samsung Members.
The patch adds proper input validation.
Acknowledgement: khilli


SVE-2024-1101(CVE-2025-20965): Improper handling of insufficient permission in Bixby wakeup

Severity: Moderate
Resolved version: 2.3.74.8
Reported on: May 9, 2024
Description: Improper handling of insufficient permission in Bixby wakeup prior to version 2.3.74.8 allows local attackers to access sensitive data.
The patch adds proper access control.
Acknowledgement: elphet


SVE-2024-1192(CVE-2025-20966): Improper access control in Samsung Gallery

Severity: High
Resolved version: 14.5.10.3 in Global Android 13, 14.5.09.3 in China Android 13, and 15.5.04.5 in Android 14
Reported on: May 24, 2024
Description: Improper access control in Samsung Gallery prior to version 14.5.10.3 in Global Android 13, 14.5.09.3 in China Android 13, and 15.5.04.5 in Android 14 allows physical attackers to access data across multiple user profiles.
The patch adds proper access control.
Acknowledgement: Sithi (@0xsithi // sithi.me)


SVE-2024-1514(CVE-2025-20967): Improper access control in Samsung Gallery

Severity: Moderate
Resolved version: 14.5.10.3 in Global Android 13, 14.5.09.3 in China Android 13, and 15.5.04.5 in Android 14
Reported on: July 26, 2024
Description: Improper access control in Samsung Gallery prior to version 14.5.10.3 in Global Android 13, 14.5.09.3 in China Android 13, and 15.5.04.5 in Android 14 allows attackers to read and write arbitrary file with the privilege of Samsung Gallery.
The patch adds proper access control.
Acknowledgement: Sam of Honor Cyber Security Lab


SVE-2024-1567(CVE-2025-20968): Improper access control in Samsung Gallery

Severity: Moderate
Resolved version: 14.5.10.3 in Global Android 13, 14.5.09.3 in China Android 13, and 15.5.04.5 in Android 14
Reported on: August 7, 2024
Description: Improper access control in Samsung Gallery prior to version 14.5.10.3 in Global Android 13, 14.5.09.3 in China Android 13, and 15.5.04.5 in Android 14 allows remote attackers to access data and perform internal operations within Samsung Gallery.
The patch adds proper verification.
Acknowledgement: Dawuge


SVE-2024-1574(CVE-2025-20969): Improper input validation in Samsung Gallery

Severity: Moderate
Resolved version: 14.5.10.3 in Global Android 13, 14.5.09.3 in China Android 13, and 15.5.04.5 in Android 14
Reported on: August 8, 2024
Description: Improper input validation in Samsung Gallery prior to version 14.5.10.3 in Global Android 13, 14.5.09.3 in China Android 13, and 15.5.04.5 in Android 14 allows local attackers to access data within Samsung Gallery.
The patch adds proper input validation.
Acknowledgement: Dawuge


SVE-2024-2306(CVE-2025-20970): Improper access control in Bixby Vision

Severity: Moderate
Resolved version: 3.8.1 in Android 13, 3.8.3 in Android 14, 3.8.21 in Android 15
Reported on: December 8, 2024
Description: Improper access control in Bixby Vision prior to version 3.8.1 in Android 13, 3.8.3 in Android 14, 3.8.21 in Android 15 allows local attackers to access image files with Bixby Vision privilege.
The patch adds access control.
Acknowledgement: 011100101001


SVE-2024-2308(CVE-2025-20971): Improper input validation in Samsung Flow

Severity: Moderate
Resolved version: 4.9.17.6
Reported on: December 8, 2024
Description: Improper input validation in Samsung Flow prior to version 4.9.17.6 allows local attackers to access data within Samsung Flow.
The patch adds proper input validation.
Acknowledgement: 011100101001


SVE-2024-2415(CVE-2025-20972): Improper verification of intent by broadcast receiver in Samsung Flow

Severity: Moderate
Resolved version: 4.9.17.6
Reported on: December 22, 2024
Description: Improper verification of intent by broadcast receiver in Samsung Flow prior to version 4.9.17.6 allows local attackers to modify Samsung Flow configuration.
The patch adds access control.
Acknowledgement: 011100101001


SVE-2025-0101(CVE-2025-20973): Improper authentication in Secure Folder

Severity: High
Resolved version: 1.8.12.0 in Android 13, and 1.9.21.00 in Android 14
Reported on: January 18, 2025
Description: Improper authentication in Secure Folder prior to version 1.8.12.0 in Android 13, and 1.9.21.00 in Android 14 allows physical attackers to reset the lock type of Secure Folder.
The patch adds proper access control.
Acknowledgement: Joshua Birger


SVE-2025-0129(CVE-2025-20974): Improper handling of insufficient permission in PackageInstallerCN

Severity: Moderate
Resolved version: 15.0.11.0
Reported on: January 24, 2025
Description: Improper handling of insufficient permission in PackageInstallerCN prior to version 15.0.11.0 allows local attacker to bypass user interaction for requested installation.
The patch adds proper access control.
Acknowledgement: 开元米粉实力代购


SVE-2025-0289(CVE-2025-20975): Improper Export of Android Application Components in AODService

Severity: Moderate
Resolved version: 8.8.28.12
Reported on: February 18, 2025
Description: Improper Export of Android Application Components in AODService prior to version 8.8.28.12 allows local attackers to launch arbitrary activity with systemui privilege.
The patch adds proper access control.
Acknowledgement: Dawuge of Shuffle Team


SVE-2025-0325(CVE-2025-20976): Out-of-bounds read in Samsung Notes

Severity: Moderate
Resolved version: 4.4.29.23
Reported on: February 26, 2025
Description: Out-of-bounds read in applying binary of text content in Samsung Notes prior to version 4.4.29.23 allows attackers to read out-of-bounds memory.
The patch adds proper boundary check.


SVE-2025-0366(CVE-2025-20977): Use of implicit intent for sensitive communication in translation in Samsung Notes

Severity: Moderate
Resolved version: 4.4.29.23
Reported on: March 5, 2025
Description: Use of implicit intent for sensitive communication in translation in Samsung Notes prior to version 4.4.29.23 allows local attackers to get sensitive information. User interaction is required for triggering this vulnerability.
The patch fixes implicit intent to explicit intent.
Acknowledgement: Illia Khorolskyi


SVE-2025-0369(CVE-2025-20978): Improper access control in PENUP

Severity: Moderate
Resolved version: 3.9.19.32
Reported on: March 5, 2025
Description: Improper access control in PENUP prior to version 3.9.19.32 allows local attackers to access files with PENUP privilege.
The patch removes unused code.
Acknowledgement: blunt


Other Software Updates

SVE-2025-0691(CVE-2025-20979): Out-of-bounds write in libsavscmn

Severity: High
Resolved version: Android 15
Reported on: April 28, 2025
Description: Out-of-bounds write in libsavscmn prior to Android 15 allows local attackers to execute arbitrary code.
The patch adds proper input validation.


SVE-2025-0692(CVE-2025-20980): Out-of-bounds write in libsavscmn

Severity: Moderate
Resolved version: Android 15
Reported on: April 28, 2025
Description: Out-of-bounds write in libsavscmn prior to Android 15 allows local attackers to cause memory corruption.
The patch adds proper input validation.


Android Applications Updates

SVE-2024-2301(CVE-2025-20950): Use of implicit intent for sensitive communication in SamsungNotes

Severity: Moderate
Resolved version: 4.4.26.45
Reported on: December 7, 2024
Description: Use of implicit intent for sensitive communication in SamsungNotes prior to version 4.4.26.45 allows local attackers to access sensitive information.
The patch adds proper validation.
Acknowledgement: 011100101001


SVE-2025-0229(CVE-2025-20951): Improper verification of intent by broadcast receiver vulnerability in Galaxy Store

Severity: Moderate
Resolved version: 4.5.90.7
Reported on: February 9, 2025
Description: Improper verification of intent by broadcast receiver vulnerability in Galaxy Store prior to version 4.5.90.7 allows local attackers to write arbitrary files with the privilege of Galaxy Store.
The patch removes unnecessary implementation.
Acknowledgement: Dawuge of Shuffle Team


Android Applications Updates

SVE-2024-0628(CVE-2025-20913): Out-of-bounds read in Samsung Notes

Severity: Moderate
Resolved version: 4.4.26.71
Reported on: March 19, 2024
Description: Out-of-bounds read in applying binary of drawing content in Samsung Notes prior to version 4.4.26.71 allows attackers to read out-of-bounds memory.
The patch adds proper input validation.


SVE-2024-0629(CVE-2025-20914): Out-of-bounds read in Samsung Notes

Severity: Moderate
Resolved version: 4.4.26.71
Reported on: March 19, 2024
Description: Out-of-bounds read in applying binary of hand writing content in Samsung Notes prior to version 4.4.26.71 allows attackers to read out-of-bounds memory.
The patch adds proper input validation.


SVE-2024-0630(CVE-2025-20915): Out-of-bounds read in Samsung Notes

Severity: Moderate
Resolved version: 4.4.26.71
Reported on: March 19, 2024
Description: Out-of-bounds read in applying binary of voice content in Samsung Notes prior to version 4.4.26.71 allows attackers to read out-of-bounds memory.
The patch adds proper input validation.


SVE-2024-0631(CVE-2025-20916): Out-of-bounds read in Samsung Notes

Severity: Moderate
Resolved version: 4.4.26.71
Reported on: March 19, 2024
Description: Out-of-bounds read in reading string of SPen Samsung Notes prior to version 4.4.26.71 allows attackers to read out-of-bounds memory.
The patch adds proper input validation.


SVE-2024-0632(CVE-2025-20917): Out-of-bounds read in Samsung Notes

Severity: Moderate
Resolved version: 4.4.26.71
Reported on: March 19, 2024
Description: Out-of-bounds read in applying binary of pdf content in Samsung Notes prior to version 4.4.26.71 allows attackers to read out-of-bounds memory.
The patch adds proper input validation.


SVE-2024-0633(CVE-2025-20918): Out-of-bounds read in Samsung Notes

Severity: Moderate
Resolved version: 4.4.26.71
Reported on: March 19, 2024
Description: Out-of-bounds read in applying extra data of base content in Samsung Notes prior to version 4.4.26.71 allows attackers to read out-of-bounds memory.
The patch adds proper input validation.


SVE-2024-0634(CVE-2025-20919): Out-of-bounds read in Samsung Notes

Severity: Moderate
Resolved version: 4.4.26.71
Reported on: March 19, 2024
Description: Out-of-bounds read in applying binary of video content in Samsung Notes prior to version 4.4.26.71 allows attackers to read out-of-bounds memory.
The patch adds proper input validation.


SVE-2024-0636(CVE-2025-20920): Out-of-bounds read in Samsung Notes

Severity: Moderate
Resolved version: 4.4.26.71
Reported on: March 19, 2024
Description: Out-of-bounds read in action link data in Samsung Notes prior to version 4.4.26.71 allows attackers to read out-of-bounds memory.
The patch adds proper input validation.


SVE-2024-0637(CVE-2025-20921): Out-of-bounds read in Samsung Notes

Severity: Moderate
Resolved version: 4.4.26.71
Reported on: March 19, 2024
Description: Out-of-bounds read in applying binary of text content in Samsung Notes prior to version 4.4.26.71 allows attackers to read out-of-bounds memory.
The patch adds proper input validation.


SVE-2024-0661(CVE-2025-20922): Out-of-bounds read in Samsung Notes

Severity: Moderate
Resolved version: 4.4.26.71
Reported on: March 19, 2024
Description: Out-of-bounds read in appending text paragraph in Samsung Notes prior to version 4.4.26.71 allows attackers to read out-of-bounds memory.
The patch adds proper input validation.


SVE-2024-0983(CVE-2025-20923): Improper access control in Galaxy Wearable

Severity: Moderate
Resolved version: 2.2.61.24112961
Reported on: April 20, 2024
Description: Improper access control in Galaxy Wearable prior to version 2.2.61.24112961 allows local attackers to launch arbitrary activity with Galaxy Wearable privilege.
The patch adds proper access control.
Acknowledgement: Dawuge


SVE-2024-1303(CVE-2025-20927): Out-of-bounds read in Samsung Notes

Severity: Moderate
Resolved version: 4.4.26.71
Reported on: June 17, 2024
Description: Out-of-bounds read in parsing image data in Samsung Notes prior to vaersion 4.4.26.71 allows local attackers to access out-of-bounds memory.
The patch adds proper length check.


SVE-2024-1426(CVE-2025-20928): Out-of-bounds read in Samsung Notes

Severity: Moderate
Resolved version: 4.4.26.71
Reported on: July 11, 2024
Description: Out-of-bounds read in parsing wbmp image in Samsung Notes prior to vaersion 4.4.26.71 allows local attackers to access out-of-bounds memory.
The patch adds proper length check.
Acknowledgement: Giovanni Di Santi, Alex Birnberg


SVE-2024-1522(CVE-2025-20924): Improper access control in Samsung Notes

Severity: High
Resolved version: 4.4.26.71
Reported on: July 31, 2024
Description: Improper access control in Samsung Notes prior to version 4.4.26.71 allows physical attackers to access data across multiple user profiles.
The patch adds proper access control.
Acknowledgement: Sam of Honor Cyber Security Lab


SVE-2024-1637(CVE-2025-20930, CVE-2025-20929): Out-of-bounds read in Samsung Notes

Severity: High
Resolved version: 4.4.26.71
Reported on: August 19, 2024
Description: Out-of-bounds read and write in parsing jpeg image in Samsung Notes prior to version 4.4.26.71 allows local attackers to read out-of-bounds memory and execute arbitrary code.
The patch adds proper input validation.


SVE-2024-1704(CVE-2025-20925): Out-of-bounds read in Samsung Notes

Severity: Moderate
Resolved version: 4.4.26.71
Reported on: August 30, 2024
Description: Out-of-bounds read in applying binary of text data in Samsung Notes prior to version 4.4.26.71 allows local attackers to potentially read memory.
The patch adds proper input validation.
Acknowledgement: Ye Zhang @VAR10CK of Baidu Security


SVE-2024-1723(CVE-2025-20933, CVE-2025-20932, CVE-2025-20931): Out-of-bounds read in Samsung Notes

Severity: High
Resolved version: 4.4.26.71
Reported on: September 2, 2024
Description: Out-of-bounds write in parsing bmp image in Samsung Notes prior to version 4.4.26.71 allows local attackers to execute arbitrary code.
The patch adds proper input validation.


SVE-2024-2146(CVE-2025-20926): Improper export of Android application components in My Files

Severity: Moderate
Resolved version: 15.0.07.5
Reported on: November 11, 2024
Description: Improper export of Android application components in My Files prior to version 15.0.07.5 in Android 14 allows local attackers to access files with My Files' privilege.
The patch adds proper access control.
Acknowledgement: Ken Gannon


Android Applications Updates

SVE-2024-1904(CVE-2025-20901): Out-of-bounds read in Blockchain Keystore

Severity: Moderate
Resolved version: 1.3.16.5
Reported on: September 30, 2024
Description: Out-of-bounds read in Blockchain Keystore prior to version 1.3.16.5 allows local privileged attackers to read out-of-bounds memory.
The patch adds proper input validation.
Acknowledgement: Dawuge


SVE-2024-1601(CVE-2025-20895): Authentication Bypass Using an Alternate Path in Galaxy Store

Severity: Moderate
Resolved version: 4.5.87.6
Reported on: August 12, 2024
Description: Authentication Bypass Using an Alternate Path in Galaxy Store prior to version 4.5.87.6 allows physical attackers to install arbitrary applications to bypass restrictions of Setupwizard.
The patch adds proper access control.
Acknowledgement: RAJESH PORKODI


SVE-2024-1621(CVE-2025-20894): Improper access control in Samsung Email

Severity: High
Resolved version: 6.1.97.1
Reported on: August 15, 2024
Description: Improper access control in Samsung Email prior to version 6.1.97.1 allows physical attackers to access data across multiple user profiles.
The patch adds proper access control.
Acknowledgement: Sam of Honor Cyber Security Lab


SVE-2024-1752(CVE-2025-20896): Use of implicit intent for sensitive communication in EasySetup

Severity: Moderate
Resolved version: 11.1.18
Reported on: September 6, 2024
Description: Use of implicit intent for sensitive communication in EasySetup prior to version 11.1.18 allows local attackers to access sensitive information.
The patch adds proper validation.
Acknowledgement: Dawuge


SVE-2024-1755(CVE-2025-20897): Improper access control in Secure Folder

Severity: High
Resolved version: 1.9.20.50 in Android 14, 1.8.11.0 in Android 13, and 1.7.04.0 in Android 12
Reported on: September 6, 2024
Description: Improper access control in Secure Folder prior to version 1.9.20.50 in Android 14, 1.8.11.0 in Android 13, and 1.7.04.0 in Android 12 allows local attacker to access data in Secure Folder.
The patch adds proper access control.
Acknowledgement: Dawuge


SVE-2024-1772(CVE-2025-20898): Improper input validation in Samsung Members

Severity: High
Resolved version: 5.2.00.12
Reported on: September 8, 2024
Description: Improper input validation in Samsung Members prior to version 5.2.00.12 allows physical attackers to access data across multiple user profiles.
The patch adds proper input validation logic.
Acknowledgement: Sam of Honor Cyber Security Lab


SVE-2024-1883(CVE-2025-20899): Improper access control in PushNotification

Severity: Moderate
Resolved version: 13.0.00.15 in Android 12, 14.0.00.7 in Android 13, and 15.1.00.5 in Android 14
Reported on: September 26, 2024
Description: Improper access control in PushNotification prior to version 13.0.00.15 in Android 12, 14.0.00.7 in Android 13, and 15.1.00.5 in Android 14 allows local attackers to access sensitive information.
The patch removes unnecessary implementation.
Acknowledgement: 刘晓峰


SVE-2024-1888(CVE-2025-20900): Out-of-bounds write in Blockchain Keystore

Severity: High
Resolved version: 1.3.16.5
Reported on: September 27, 2024
Description: Out-of-bounds write in Blockchain Keystore prior to version 1.3.16.5 allows local privileged attackers to write out-of-bounds memory.
The patch adds proper input validation.
Acknowledgement: Dawuge


Other Software Updates

SVE-2024-0968(CVE-2025-20902): Improper access control in Media Controller

Severity: Moderate
Resolved version: 1.0.24.5282
Reported on: April 20, 2024
Description: Improper access control in Media Controller prior to version 1.0.24.5282 allows local attacker to launch activities in MediaController's privilege.
The patch adds proper access control.
Acknowledgement: khilli