CVE-2025-20881
Published: 04 February 2025
Summary
CVE-2025-20881 is a high-severity Out-of-bounds Write (CWE-787) vulnerability in Samsung Android. Its CVSS base score is 7.0 (High).
Operationally, exploitation aligns with the MITRE ATT&CK technique Exploitation for Privilege Escalation (T1068). The CVE ranks at the 19.6th percentile by exploit likelihood (below the median) and is not currently listed in the CISA KEV catalog.
The strongest mitigations our analysis identified are NIST 800-53 SI-16 (Memory Protection) and SI-2 (Flaw Remediation).
Threat & Defense Details
Mitigating Controls (NIST 800-53 r5)
SI-2 requires timely remediation of flaws like the out-of-bounds write in libsthmbc.so by applying the Samsung SMR Jan-2025 Release 1 patch.
SI-16 implements memory protection mechanisms such as address space layout randomization and non-executable memory to block exploitation of the out-of-bounds write vulnerability.
SI-10 enforces validation of video frame inputs to libsthmbc.so, reducing the risk of malformed decoded frames triggering the out-of-bounds write.
MITRE ATT&CK Enterprise Techniques
Why these techniques?
An out-of-bounds write in a media library directly enables local arbitrary code execution leading to elevated privileges (T1068) and client-side execution via crafted input (T1203).
NVD Description
Out-of-bounds write in accessing buffer storing the decoded video frames in libsthmbc.so prior to SMR Jan-2025 Release 1 allows local attackers to execute arbitrary code with privilege. User interaction is required for triggering this vulnerability.
Deeper analysis
CVE-2025-20881 is an out-of-bounds write vulnerability in the libsthmbc.so library, specifically when accessing the buffer that stores decoded video frames. This issue affects the library in versions prior to the Samsung Monthly Release (SMR) Jan-2025 Release 1. Classified under CWE-787, it has a CVSS v3.1 base score of 7.0 (AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H), indicating high confidentiality, integrity, and availability impacts.
Local attackers with no required privileges can exploit this vulnerability, but it demands high attack complexity and user interaction to trigger. Successful exploitation enables arbitrary code execution with elevated privileges on the affected device.
Samsung's security advisory for January 2025, available at https://security.samsungmobile.com/securityUpdate.smsb?year=2025&month=01, details the patch in SMR Jan-2025 Release 1, recommending users apply the update to mitigate the risk.
Details
- CWE(s)