How to fix CVE-2025-20989?

Within 30 days: Identify affected systems running fingerprint trustlet and apply vendor patches as part of regular patch cycle. Monitor vendor channels for patch availability.

Is Android affected by CVE-2025-20989?

Organizations using fingerprint trustlet should be aware of moderate risk from CVE-2025-20989 rated CVSS 5.2. Exploitation could compromise the security of affected deployments. Organizations should apply vendor updates when available and monitor for exploitation.

CVE-2025-20989

EUVD-2025-16831 MEDIUM

2025-06-04 [email protected]

5.2

CVSS 3.1

CVSS Vector

CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:L/A:L

Attack Vector

Local

Attack Complexity

High

Privileges Required

High

User Interaction

None

Scope

Unchanged

Confidentiality

High

Integrity

Low

Availability

Low

Lifecycle Timeline

Analysis Generated

Mar 14, 2026 - 17:29 vuln.today

EUVD ID Assigned

Mar 14, 2026 - 17:29 euvd

EUVD-2025-16831

CVE Published

Jun 04, 2025 - 05:15 nvd

MEDIUM 5.2

Description

Improper logging in fingerprint trustlet prior to SMR May-2025 Release 1 allows local privileged attackers to get a hmac_key.

Analysis

A security vulnerability in fingerprint trustlet (CVSS 5.2) that allows local privileged attackers. Remediation should follow standard vulnerability management procedures.

Technical Context

Vulnerability type not specified by vendor. Affects fingerprint trustlet.

Affected Products

['fingerprint trustlet']

Remediation

Monitor vendor channels for patch availability.

Priority Score

Low Medium High Critical

KEV: 0

EPSS: +0.0

CVSS: +26

POC: 0

CVE-2025-20989 vulnerability details – vuln.today

Back

CVE-2025-20989

CVSS Vector

Lifecycle Timeline

Tags

Description

Analysis

Technical Context

Affected Products

Remediation

Priority Score

Share

CVE-2025-20989

CVSS Vector

Lifecycle Timeline

Tags

Description

Analysis

Technical Context

Affected Products

Remediation

Priority Score

Share

External POC / Exploit Code