SB2025120327 - Multiple vulnerabilities in Samsung products

CSH
CYBERSECURITY HELP
Sign In REGISTER

Main Vulnerability Database SB2025120327

SB2025120327 - Multiple vulnerabilities in Samsung products

Published: December 3, 2025

Security Bulletin ID SB2025120327
Severity
Medium
Patch available
YES
Number of vulnerabilities 8
Exploitation vector Remote access
Highest impact Code execution

Breakdown by Severity

Medium 13% Low 88%
  • Low
  • Medium
  • High
  • Critical

Description

This security bulletin contains information about 8 secuirty vulnerabilities.


1) Improper access control (CVE-ID: CVE-2025-58481)

The vulnerability allows a local user to gain unauthorized access to otherwise restricted functionality.

The vulnerability exists due to improper access restrictions in MPRemoteService. A local user can bypass implemented security restrictions and start privileged service.


2) Improper access control (CVE-ID: CVE-2025-58482)

The vulnerability allows a local user to gain unauthorized access to otherwise restricted functionality.

The vulnerability exists due to improper access restrictions in MPLocalService. A local user can bypass implemented security restrictions and start privileged service.


3) Improper export of android application components (CVE-ID: CVE-2025-58483)

The vulnerability allows a local attacker to compromise the target system.

The vulnerability exists due to improper export of Android application components. A local attacker can install arbitrary application on Galaxy Store.


4) Incorrect default permissions (CVE-ID: CVE-2025-58484)

The vulnerability allows a local attacker to gain access to sensitive information on the system.

The vulnerability exists due to incorrect default permissions. A local attacker can access partial data in sandbox.


5) Input validation error (CVE-ID: CVE-2025-58485)

The vulnerability allows a local user to compromise the target system.

The vulnerability exists due to insufficient validation of user-supplied input. A local user can pass specially crafted input to the application and inject arbitrary script.


6) Input validation error (CVE-ID: CVE-2025-58486)

The vulnerability allows a local attacker to compromise the target system.

The vulnerability exists due to insufficient validation of user-supplied input. A local attacker can pass specially crafted input to the application and inject arbitrary script.


7) Improper Authorization (CVE-ID: CVE-2025-58487)

The vulnerability allows a local attacker to bypass authorization checks.

The vulnerability exists due to improper authorization. A local attacker can launch arbitrary activity with Samsung Account privilege.


8) Improper Verification of Source of a Communication Channel (CVE-ID: CVE-2025-58488)

The vulnerability allows a remote user to compromise the target system.

The vulnerability exists due to improper verification of source of a communication channel. A remote administrator can gain access to sensitive information.


Remediation

Install update from vendor's website.

References