Skip to main content

Wear Os CVE-2025-20984

| EUVDEUVD-2025-16836 MEDIUM
Incorrect Default Permissions (CWE-276)
2025-06-04 mobile.security@samsung.com
6.8
CVSS 3.1 · NVD
Share

Severity by source

NVD PRIMARY
6.8 MEDIUM
AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:H/A:N

Primary rating from NVD · only source for this CVE.

CVSS VectorNVD

CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:H/A:N
Attack Vector
Local
Attack Complexity
Low
Privileges Required
None
User Interaction
None
Scope
Unchanged
Confidentiality
Low
Integrity
High
Availability
None

Lifecycle Timeline

3
EUVD ID Assigned
Mar 14, 2026 - 17:29 euvd
EUVD-2025-16836
Analysis Generated
Mar 14, 2026 - 17:29 vuln.today
CVE Published
Jun 04, 2025 - 05:15 nvd
MEDIUM 6.8

DescriptionCVE.org

Incorrect default permission in Samsung Cloud for Galaxy Watch prior to SMR Jun-2025 Release 1 allows local attackers to access data in Samsung Cloud for Galaxy Watch.

Analysis

Incorrect default permission in Samsung Cloud for Galaxy Watch prior to SMR Jun-2025 Release 1 allows local attackers to access data in Samsung Cloud for Galaxy Watch.

Technical ContextAI

Privilege escalation allows a low-privileged user or process to gain elevated permissions beyond what was originally authorized. This vulnerability is classified as Incorrect Default Permissions (CWE-276).

RemediationAI

Apply the principle of least privilege. Keep systems patched. Monitor for suspicious privilege changes. Use mandatory access controls (SELinux, AppArmor).

CVE-2025-20946 HIGH
8.8 Apr 08

Improper handling of exceptional conditions in pairing specific bluetooth devices in Galaxy Watch Bluetooth pairing prio

CVE-2025-20912 MEDIUM
6.2 Mar 06

Incorrect default permission in DiagMonAgent prior to SMR Mar-2025 Release 1 allows local attackers to access data withi

CVE-2025-20910 MEDIUM
6.2 Mar 06

Incorrect default permission in Galaxy Watch Gallery prior to SMR Mar-2025 Release 1 allows local attackers to access da

CVE-2025-20997 MEDIUM
6.2 Jul 08

A security vulnerability in Framework for Galaxy Watch (CVSS 6.2) that allows local attackers. Remediation should follow

CVE-2025-21004 MEDIUM
6.2 Jul 08

Improper verification of intent by broadcast receiver in System UI for Galaxy Watch prior to SMR Jul-2025 Release 1 allo

CVE-2025-20986 MEDIUM
5.5 Jun 04

A security vulnerability in ScreenCapture for Galaxy Watch (CVSS 5.5) that allows local attackers. Remediation should fo

CVE-2025-20998 MEDIUM
5.5 Jul 08

A security vulnerability in SamsungAccount for Galaxy Watch (CVSS 5.5) that allows local attackers. Remediation should f

CVE-2024-34613 MEDIUM
5.5 Aug 07

Improper access control in Galaxy Watch prior to SMR Aug-2024 Release 1 allows local attackers to access sensitive infor

CVE-2025-20939 MEDIUM
5.4 Apr 08

Improper authorization in wireless download protocol in Galaxy Watch prior to SMR Apr-2025 Release 1 allows physical att

CVE-2025-20911 MEDIUM
4.4 Mar 06

Improper access control in sem_wifi service prior to SMR Mar-2025 Release 1 allows privileged local attackers to update

CVE-2025-20956 MEDIUM
4.3 May 07

Improper export of android application components in Settings in Galaxy Watch prior to SMR May-2025 Release 1 allows phy

CVE-2022-24930 LOW
3.3 Mar 10

An Improper access control vulnerability in StRetailModeReceiver in Wear OS 3.0 prior to Firmware update MAR-2022 Releas

Share

CVE-2025-20984 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy