ZDI-26-224
MEDIUM 6.3
Published: Mar 23, 2026
Samsung Galaxy S25 Samsung Account Cross-Site Scripting Remote Code Execution Vulnerability
Samsung
This vulnerability in the Samsung Galaxy S25 allows unauthenticated remote attackers to execute arbitrary scripts on affected devices, potentially compromising user data and device functionality. Although the medium severity rating (CVSS 6.3) places it below critical, the risk is meaningful and should not be ignored. Security teams should prioritize deploying Samsung's security patches and advise users to update their Galaxy S25 devices immediately, particularly devices that handle sensitive information.