CVE-2025-20921

Medium

Published: 06 March 2025

Published

06 March 2025

Modified

16 July 2025

KEV Added

—

Patch

—

CVSS Score 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

EPSS Score 0.0023 45.8th percentile

Risk Priority 11 60% EPSS · 20% KEV · 20% CVSS

Description

Out-of-bounds read in applying binary of text content in Samsung Notes prior to version 4.4.26.71 allows attackers to read out-of-bounds memory.

Security Summary

CVE-2025-20921 is an out-of-bounds read vulnerability (CWE-125) affecting Samsung Notes versions prior to 4.4.26.71. The flaw occurs during the application of binary data to text content, enabling attackers to access memory outside the intended boundaries.

Exploitation requires local access, low attack complexity, and low privileges, with no user interaction needed. A successful attack yields high confidentiality impact by disclosing sensitive out-of-bounds memory contents, while integrity and availability remain unaffected (CVSS 5.5: AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N).

Samsung's security advisory for March 2025, accessible at https://security.samsungmobile.com/serviceWeb.smsb?year=2025&month=03, addresses the issue, with mitigation achieved by updating to Samsung Notes version 4.4.26.71 or later.

Details

CWE(s): CWE-125

Affected Products

samsung

notes

≤ 4.4.26.71

MITRE ATT&CK Enterprise Techniques

Insufficient information to map techniques.

Confidence: LOW · MITRE ATT&CK Enterprise v19.0

References

https://security.samsungmobile.com/serviceWeb.smsb?year=2025&month=03
Vendor Advisory · mobile.security@samsung.com