Vulnerability Database

325,648

Total vulnerabilities in the database

CVE-2025-20952

Improper access control in Mdecservice prior to SMR Apr-2025 Release 1 allows local attackers to access arbitrary files with system privilege.

  • Published: Apr 9, 2025
  • Updated: Nov 16, 2025
  • CVE: CVE-2025-20952
  • Severity: Medium
  • Exploit:

CVSS v3:

  • Severity: Medium
  • Score: 5.5
  • AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

No CWE or OWASP classifications available.

Software From Fixed in
samsung / android 15.0-smr-feb-2025-r1 15.0-smr-feb-2025-r1.x
samsung / android 15.0-smr-jan-2025-r1 15.0-smr-jan-2025-r1.x
samsung / android 15.0-smr-mar-2025-r1 15.0-smr-mar-2025-r1.x