CVE-2025-20882
Published: 04 February 2025
Summary
CVE-2025-20882 is a high-severity Out-of-bounds Write (CWE-787) vulnerability in Samsung Android. Its CVSS base score is 7.0 (High).
Operationally, exploitation aligns with the MITRE ATT&CK technique Exploitation for Privilege Escalation (T1068). The CVE ranks at the 19.6th percentile by exploit likelihood (below the median) and is not currently listed in the CISA KEV catalog.
The strongest mitigations our analysis identified are NIST 800-53 SI-16 (Memory Protection) and SI-2 (Flaw Remediation).
Threat & Defense Details
Mitigating Controls (NIST 800-53 r5) (AI)
Implements memory protection mechanisms like address space randomization, stack guards, and non-executable memory to directly prevent out-of-bounds writes and arbitrary code execution from uninitialized memory access.
Requires timely flaw remediation through patching, such as applying Samsung's SMR Jan-2025 Release 1, to eliminate the specific out-of-bounds write vulnerability in libsthmbc.so.
Enforces least privilege on the svc1td process to restrict the scope and impact of privilege escalation from successful arbitrary code execution.
MITRE ATT&CK Enterprise Techniques (AI)
Why these techniques?
Out-of-bounds write enabling local arbitrary code execution with elevated privileges directly matches Exploitation for Privilege Escalation.
NVD Description
Out-of-bounds write in accessing uninitialized memory for svc1td in libsthmbc.so prior to SMR Jan-2025 Release 1 allows local attackers to execute arbitrary code with privilege. User interaction is required for triggering this vulnerability.
Deeper analysis (AI)
CVE-2025-20882 is an out-of-bounds write vulnerability (CWE-787) in the svc1td component of libsthmbc.so, affecting Samsung devices prior to the SMR Jan-2025 Release 1. The flaw occurs when accessing uninitialized memory, which can be exploited to execute arbitrary code with elevated privileges. It carries a CVSS v3.1 base score of 7.0 (AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H), indicating high confidentiality, integrity, and availability impacts.
Local attackers with no privileges can exploit this vulnerability, but it requires user interaction to trigger and involves high attack complexity. Successful exploitation allows arbitrary code execution with privileges, potentially leading to full device compromise if the attacker gains persistent local access.
Samsung's security advisory for the January 2025 monthly release details the patch in SMR Jan-2025 Release 1, recommending that users apply the update to mitigate the issue.
Details
- CWE(s)