Cyber Resilience

CVE-2025-20881

High

Published: 04 February 2025

Published
04 February 2025
Modified
12 February 2025
KEV Added
Patch
CVSS Score v3.1 7.0 CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H
EPSS Score 0.0006 20.0th percentile
Risk Priority 14 60% EPSS · 20% KEV · 20% CVSS

Summary

CVE-2025-20881 is a high-severity Out-of-bounds Write (CWE-787) vulnerability in Samsung Android. Its CVSS base score is 7.0 (High).

Operationally, exploitation aligns with the MITRE ATT&CK technique Exploitation for Privilege Escalation (T1068); ranked at the 20.0th percentile by exploit likelihood (below the median); it is not currently listed in the CISA KEV catalog.

The strongest mitigations our analysis identified are NIST 800-53 SI-16 (Memory Protection) and SI-2 (Flaw Remediation).

Deeper analysis

CVE-2025-20881 is an out-of-bounds write vulnerability in the libsthmbc.so library, specifically when accessing the buffer that stores decoded video frames. This issue affects the library in versions prior to the Samsung Monthly Release (SMR) Jan-2025 Release 1. Classified under CWE-787, it has a CVSS v3.1 base score of 7.0 (AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H), indicating high confidentiality, integrity, and availability impacts.

Local attackers with no required privileges can exploit this vulnerability, but it demands high attack complexity and user interaction to trigger. Successful exploitation enables arbitrary code execution with elevated privileges on the affected device.

Samsung's security advisory for January 2025, available at https://security.samsungmobile.com/securityUpdate.smsb?year=2025&month=01, details the patch in SMR Jan-2025 Release 1, recommending users apply the update to mitigate the risk.

EU & UK References

Vulnerability details

Out-of-bounds write in accessing buffer storing the decoded video frames in libsthmbc.so prior to SMR Jan-2025 Release 1 allows local attackers to execute arbitrary code with privilege. User interaction is required for triggering this vulnerability.

CWE(s)

Related Threats

MITRE ATT&CK Enterprise TechniquesAI

T1068 Exploitation for Privilege Escalation Privilege Escalation
Adversaries may exploit software vulnerabilities in an attempt to elevate privileges.
T1203 Exploitation for Client Execution Execution
Adversaries may exploit software vulnerabilities in client applications to execute code.
Why these techniques?

Out-of-bounds write in media library directly enables local arbitrary code execution leading to elevated privileges (T1068) and client-side execution via crafted input (T1203).

Confidence: MEDIUM · MITRE ATT&CK Enterprise v18.1

CVEs Like This One

CVE-2025-21042Same product: Samsung Android
CVE-2025-20882Same product: Samsung Android
CVE-2025-20888Same product: Samsung Android
CVE-2025-20890Same product: Samsung Android
CVE-2025-21043Same product: Samsung Android
CVE-2026-20983Same product: Samsung Android
CVE-2025-20903Same product: Samsung Android
CVE-2026-20979Same product: Samsung Android
CVE-2026-21010Same product: Samsung Android
CVE-2026-20971Same product: Samsung Android

Affected Assets

samsung
android
12.0, 13.0, 14.0

Mitigating Controls

Mitigating Controls (NIST 800-53 r5) AI

prevent

SI-2 requires timely remediation of flaws like the out-of-bounds write in libsthmbc.so by applying the Samsung SMR Jan-2025 Release 1 patch.

prevent

SI-16 implements memory protection mechanisms such as address space layout randomization and non-executable memory to block exploitation of the out-of-bounds write vulnerability.

prevent

SI-10 enforces validation of video frame inputs to libsthmbc.so, reducing the risk of malformed decoded frames triggering the out-of-bounds write.

References