Galaxy Store <4.5.90.7: Intent Verification Flaw Allows Local File Write
CVE-2025-20951 Published on April 8, 2025

Improper verification of intent by broadcast receiver vulnerability in Galaxy Store prior to version 4.5.90.7 allows local attackers to write arbitrary files with the privilege of Galaxy Store.

NVD

Vulnerability Analysis

CVE-2025-20951 can be exploited with local system access, and does not require authorization privileges or user interaction. This vulnerability is considered to have a low attack complexity. The potential impact of an exploit of this vulnerability is considered to have no impact on confidentiality, with no impact on integrity and availability.

Attack Vector:

LOCAL

Attack Complexity:

LOW

Privileges Required:

NONE

User Interaction:

NONE

Scope:

UNCHANGED

Confidentiality Impact:

NONE

Integrity Impact:

LOW

Availability Impact:

LOW

Products Associated with CVE-2025-20951

Want to know whenever a new CVE is published for Samsung Galaxy Store? stack.watch will email you.

Samsung Galaxy Store

Affected Versions

Samsung Mobile Galaxy Store Version 4.5.90.7 is unaffected by CVE-2025-20951

Exploit Probability

EPSS

0.08%

Percentile

23.04%

EPSS (Exploit Prediction Scoring System) scores estimate the probability that a vulnerability will be exploited in the wild within the next 30 days. The percentile shows you how this score compares to all other vulnerabilities.

Galaxy Store <4.5.90.7: Intent Verification Flaw Allows Local File WriteCVE-2025-20951 Published on April 8, 2025

Vulnerability Analysis

Products Associated with CVE-2025-20951

Affected Versions

Exploit Probability

Galaxy Store <4.5.90.7: Intent Verification Flaw Allows Local File Write
CVE-2025-20951 Published on April 8, 2025