Cyber Resilience

CVE-2025-20888

High

Published: 04 February 2025

Published
04 February 2025
Modified
12 February 2025
KEV Added
Patch
CVSS Score v3.1 7.0 CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H
EPSS Score 0.0011 29.2th percentile
Risk Priority 14 60% EPSS · 20% KEV · 20% CVSS

Summary

CVE-2025-20888 is a high-severity Out-of-bounds Write (CWE-787) vulnerability in Samsung Android. Its CVSS base score is 7.0 (High).

Operationally, exploitation aligns with the MITRE ATT&CK technique Exploitation for Privilege Escalation (T1068); ranked at the 29.2th percentile by exploit likelihood (below the median); it is not currently listed in the CISA KEV catalog.

The strongest mitigations our analysis identified are NIST 800-53 SI-16 (Memory Protection) and SI-2 (Flaw Remediation).

Deeper analysis

CVE-2025-20888 is an out-of-bounds write vulnerability in the handling of block size for smp4vtd within libsthmbc.so, affecting versions prior to the SMR Jan-2025 Release 1. This flaw, classified under CWE-787, enables local attackers to execute arbitrary code with elevated privileges. The vulnerability carries a CVSS v3.1 base score of 7.0 (AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H), indicating high confidentiality, integrity, and availability impacts under specific local access conditions.

A local attacker can exploit this vulnerability by triggering the out-of-bounds write, requiring user interaction and high attack complexity but no prior privileges. Successful exploitation allows the attacker to execute arbitrary code with elevated privileges on the affected system.

Samsung's security advisory for the January 2025 updates, available at https://security.samsungmobile.com/securityUpdate.smsb?year=2025&month=01, addresses this issue through the SMR Jan-2025 Release 1 patch, recommending users apply the update to mitigate the vulnerability.

EU & UK References

Vulnerability details

Out-of-bounds write in handling the block size for smp4vtd in libsthmbc.so prior to SMR Jan-2025 Release 1 allows local attackers to execute arbitrary code with privilege. User interaction is required for triggering this vulnerability.

CWE(s)

Related Threats

MITRE ATT&CK Enterprise TechniquesAI

T1068 Exploitation for Privilege Escalation Privilege Escalation
Adversaries may exploit software vulnerabilities in an attempt to elevate privileges.
Why these techniques?

Out-of-bounds write enables local arbitrary code execution with elevated privileges via direct exploitation of the vulnerable library component.

Confidence: HIGH · MITRE ATT&CK Enterprise v18.1

CVEs Like This One

CVE-2025-20882Same product: Samsung Android
CVE-2025-20890Same product: Samsung Android
CVE-2025-20881Same product: Samsung Android
CVE-2025-21042Same product: Samsung Android
CVE-2026-20983Same product: Samsung Android
CVE-2025-20903Same product: Samsung Android
CVE-2026-20979Same product: Samsung Android
CVE-2025-21043Same product: Samsung Android
CVE-2026-21010Same product: Samsung Android
CVE-2026-20971Same product: Samsung Android

Affected Assets

samsung
android
12.0, 13.0, 14.0

Mitigating Controls

Mitigating Controls (NIST 800-53 r5) AI

prevent

Directly mandates identification, reporting, and correction of flaws like this out-of-bounds write via timely patching, as recommended in Samsung's SMR Jan-2025 Release 1 advisory.

prevent

Implements memory safeguards such as DEP and ASLR to protect against arbitrary code execution resulting from the out-of-bounds write vulnerability.

prevent

Requires validation of block size inputs to the smp4vtd handler in libsthmbc.so, preventing out-of-bounds writes from malformed or oversized values.

References