CVE-2025-20906

2/4/2025 8:15:32 AM

یک ماه قبل

Reporter :mobile.security@samsung.com

Modified :2/4/2025 8:15:32 AM

Problem Data :N/A

Description

Improper Export of Android Application Components in Settings prior to SMR Feb-2025 Release 1 allows local attackers to enable ADB.

Cvss Version 3.1

5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

Attack Vector	Local
Attack Complexity	Low
Privileges Required	Low
User Interaction	None
Scope	Unchanged
Confidentiality Impact	High
Integrity Impact	None
Availability Impact	None

EPSS

Epss Score	0
Epss Percentile	0

Note: Consider this fact that the EPSS model relies on historical data and real-world exploit information to calculate the probability of exploitation. When a CVE is newly published, there isn't enough data available to determine its likelihood of being exploited. As a result, the EPSS score defaults to 0 until more information becomes available.

Reference

لینک	منبع	تگ ها
https://security.samsungmobile.com/securityUpdate.smsb?year=2025&month=02