Cyber Resilience

CVE-2025-20920

Medium

Published: 06 March 2025

Published
06 March 2025
Modified
16 July 2025
KEV Added
Patch
CVSS Score v3.1 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
EPSS Score 0.0023 46.1th percentile
Risk Priority 11 60% EPSS · 20% KEV · 20% CVSS

Summary

CVE-2025-20920 is a medium-severity Out-of-bounds Read (CWE-125) vulnerability in Samsung Notes. Its CVSS base score is 5.5 (Medium).

Operationally, exploitation aligns with the MITRE ATT&CK technique Data from Local System (T1005); ranked at the 46.1th percentile by exploit likelihood (below the median); it is not currently listed in the CISA KEV catalog.

The strongest mitigations our analysis identified are NIST 800-53 SI-10 (Information Input Validation) and SI-16 (Memory Protection).

Deeper analysis

CVE-2025-20920 is an out-of-bounds read vulnerability (CWE-125) in the action link data processing of the Samsung Notes application, affecting versions prior to 4.4.26.71. Published on 2025-03-06, this flaw enables attackers to access memory outside the intended boundaries when handling malformed action link data.

The vulnerability carries a CVSS v3.1 base score of 5.5 (AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N), indicating it can be exploited by a local attacker with low privileges and low complexity, requiring no user interaction. Successful exploitation allows the attacker to disclose sensitive information from out-of-bounds memory reads, resulting in high confidentiality impact but no impairment to integrity or availability.

Samsung's security advisory for March 2025, accessible at https://security.samsungmobile.com/serviceWeb.smsb?year=2025&month=03, addresses this issue, with mitigation achieved by updating Samsung Notes to version 4.4.26.71 or later.

EU & UK References

Vulnerability details

Out-of-bounds read in action link data in Samsung Notes prior to version 4.4.26.71 allows attackers to read out-of-bounds memory.

CWE(s)

Related Threats

MITRE ATT&CK Enterprise TechniquesAI

T1005 Data from Local System Collection
Adversaries may search local system sources, such as file systems, configuration files, local databases, virtual machine files, or process memory, to find files of interest and sensitive data prior to Exfiltration.
Why these techniques?

The out-of-bounds read vulnerability in Samsung Notes enables local disclosure of sensitive information from memory, directly facilitating data collection from local system sources.

Confidence: MEDIUM · MITRE ATT&CK Enterprise v19.0

CVEs Like This One

CVE-2025-20916Same product: Samsung Notes
CVE-2025-20918Same product: Samsung Notes
CVE-2025-20922Same product: Samsung Notes
CVE-2025-20915Same product: Samsung Notes
CVE-2025-20914Same product: Samsung Notes
CVE-2025-20919Same product: Samsung Notes
CVE-2025-20917Same product: Samsung Notes
CVE-2025-20921Same product: Samsung Notes
CVE-2025-20931Same product: Samsung Notes
CVE-2025-20929Same product: Samsung Notes

Affected Assets

samsung
notes
≤ 4.4.26.71

Mitigating Controls

Mitigating Controls (NIST 800-53 r5) AI

prevent

Enforces validation of action link data inputs to reject malformed data that triggers the out-of-bounds read vulnerability.

prevent

Implements memory protection safeguards to enforce boundaries and prevent unauthorized out-of-bounds memory access.

prevent

Mandates timely flaw remediation by updating Samsung Notes to version 4.4.26.71 or later to eliminate the out-of-bounds read vulnerability.

References