CVE-2025-20916
Published: 06 March 2025
Description
Adversaries may search local system sources, such as file systems, configuration files, local databases, virtual machine files, or process memory, to find files of interest and sensitive data prior to Exfiltration.
Security Summary
CVE-2025-20916 is an out-of-bounds read vulnerability in the Samsung Notes application, specifically affecting versions prior to 4.4.26.71. The flaw occurs during the reading of an S Pen-related string, allowing attackers to access memory outside the intended bounds, as classified under CWE-125. Published on March 6, 2025, it carries a CVSS v3.1 base score of 5.5 (AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N), indicating a medium-severity issue with high confidentiality impact but no integrity or availability disruption.
A local attacker with low privileges can exploit this vulnerability without user interaction. By triggering the faulty string read in the S Pen handling code, the attacker gains read access to out-of-bounds memory, potentially exposing sensitive data such as other process memory contents, user information, or application internals.
Samsung's security advisory, available at https://security.samsungmobile.com/serviceWeb.smsb?year=2025&month=03, details the issue and recommends updating Samsung Notes to version 4.4.26.71 or later to mitigate the vulnerability.
Details
- CWE(s)
Affected Products
MITRE ATT&CK Enterprise Techniques
Why these techniques?
The out-of-bounds read in Samsung Notes directly enables unauthorized access to memory contents on the local system, facilitating collection of sensitive data such as process memory or user information.