Cyber Posture

CVE-2025-20922

Medium

Published: 06 March 2025

Published
06 March 2025
Modified
16 July 2025
KEV Added
Patch
CVSS Score 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
EPSS Score 0.0023 45.8th percentile
Risk Priority 11 60% EPSS · 20% KEV · 20% CVSS

Summary

CVE-2025-20922 is a medium-severity Out-of-bounds Read (CWE-125) vulnerability in Samsung Notes. Its CVSS base score is 5.5 (Medium).

Operationally, exploitation aligns with the MITRE ATT&CK technique Data from Local System (T1005); ranked at the 45.8th percentile by exploit likelihood (below the median); it is not currently listed in the CISA KEV catalog.

The strongest mitigations our analysis identified are NIST 800-53 SI-16 (Memory Protection) and SI-2 (Flaw Remediation).

Threat & Defense at a Glance

What attackers do: exploitation maps to Data from Local System (T1005). What defenders deploy: see the NIST 800-53 controls recommended below.
Threat & Defense Details

Mitigating Controls (NIST 800-53 r5)AI

SI-2 Flaw Remediation good match
prevent

Directly requires identification, reporting, and timely remediation of flaws such as the out-of-bounds read in Samsung Notes by applying patches like version 4.4.26.71.

SI-16 Memory Protection good match
prevent

Implements runtime memory protections like address space layout randomization and guard pages to prevent unauthorized out-of-bounds memory reads by local attackers.

SI-10 Information Input Validation partial match
prevent

Enforces validation of text inputs to the appending paragraph function to avoid malformed data triggering out-of-bounds memory access.

MITRE ATT&CK Enterprise TechniquesAI

T1005 Data from Local System Collection
Adversaries may search local system sources, such as file systems, configuration files, local databases, virtual machine files, or process memory, to find files of interest and sensitive data prior to Exfiltration.
attack.mitre.org →
Why these techniques?

Out-of-bounds read enables local attacker to access and read sensitive memory contents containing confidential data or app internals, directly facilitating data collection from local system.

Confidence: MEDIUM · MITRE ATT&CK Enterprise v19.0

NVD Description

Out-of-bounds read in appending text paragraph in Samsung Notes prior to version 4.4.26.71 allows attackers to read out-of-bounds memory.

Deeper analysisAI

CVE-2025-20922 is an out-of-bounds read vulnerability (CWE-125) affecting Samsung Notes versions prior to 4.4.26.71. The flaw occurs in the appending text paragraph functionality, allowing attackers to access memory outside the intended bounds. Published on 2025-03-06, it has a CVSS v3.1 base score of 5.5 (AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N), indicating medium severity with high confidentiality impact but no integrity or availability effects.

A local attacker with low privileges on the affected device can exploit this vulnerability. Exploitation requires low complexity and no user interaction, enabling the attacker to read sensitive out-of-bounds memory contents, potentially exposing confidential data such as user information or application internals.

Samsung's security advisory provides details on the issue, with the vulnerability fixed in Samsung Notes version 4.4.26.71. Mitigation involves updating to this version or later. See https://security.samsungmobile.com/serviceWeb.smsb?year=2025&month=03 for full advisory information.

Details

CWE(s)
CWE-125

Affected Products

samsung
notes
≤ 4.4.26.71

CVEs Like This One

CVE-2025-20920Same product: Samsung Notes
CVE-2025-20918Same product: Samsung Notes
CVE-2025-20914Same product: Samsung Notes
CVE-2025-20915Same product: Samsung Notes
CVE-2025-20916Same product: Samsung Notes
CVE-2025-20919Same product: Samsung Notes
CVE-2025-20921Same product: Samsung Notes
CVE-2025-20917Same product: Samsung Notes
CVE-2025-20931Same product: Samsung Notes
CVE-2025-20929Same product: Samsung Notes

References