Cyber Resilience

CVE-2025-20931

High

Published: 06 March 2025

Published
06 March 2025
Modified
16 July 2025
KEV Added
Patch
CVSS Score v3.1 7.3 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:H/A:L
EPSS Score 0.0009 26.0th percentile
Risk Priority 15 60% EPSS · 20% KEV · 20% CVSS

Summary

CVE-2025-20931 is a high-severity Out-of-bounds Write (CWE-787) vulnerability in Samsung Notes. Its CVSS base score is 7.3 (High).

Operationally, exploitation aligns with the MITRE ATT&CK technique Exploitation for Client Execution (T1203); ranked at the 26.0th percentile by exploit likelihood (below the median); it is not currently listed in the CISA KEV catalog.

The strongest mitigations our analysis identified are NIST 800-53 SI-10 (Information Input Validation) and SI-16 (Memory Protection).

Deeper analysis

CVE-2025-20931 is an out-of-bounds write vulnerability (CWE-787) in the BMP image parsing functionality of the Samsung Notes application, affecting versions prior to 4.4.26.71. Published on 2025-03-06, it carries a CVSS v3.1 base score of 7.3 (AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:H/A:L), indicating high integrity impact with low confidentiality and availability effects.

Local attackers can exploit this vulnerability by supplying a maliciously crafted BMP image to Samsung Notes. With low attack complexity, no privileges or user interaction required, exploitation enables arbitrary code execution on the local system.

Samsung's security advisory for March 2025, available at https://security.samsungmobile.com/serviceWeb.smsb?year=2025&month=03, addresses the vulnerability and mitigation through updates to Samsung Notes version 4.4.26.71 or later.

EU & UK References

Vulnerability details

Out-of-bounds write in parsing bmp image in Samsung Notes prior to version 4.4.26.71 allows local attackers to execute arbitrary code.

CWE(s)

Related Threats

MITRE ATT&CK Enterprise TechniquesAI

T1203 Exploitation for Client Execution Execution
Adversaries may exploit software vulnerabilities in client applications to execute code.
Why these techniques?

Out-of-bounds write in client app (Samsung Notes) BMP parser enables arbitrary code execution on local system with no user interaction required.

Confidence: HIGH · MITRE ATT&CK Enterprise v19.0

CVEs Like This One

CVE-2025-20929Same product: Samsung Notes
CVE-2025-20916Same product: Samsung Notes
CVE-2025-21042Same vendor: Samsung
CVE-2025-20918Same product: Samsung Notes
CVE-2025-20922Same product: Samsung Notes
CVE-2025-20915Same product: Samsung Notes
CVE-2025-20914Same product: Samsung Notes
CVE-2025-20919Same product: Samsung Notes
CVE-2025-20917Same product: Samsung Notes
CVE-2025-20921Same product: Samsung Notes

Affected Assets

samsung
notes
≤ 4.4.26.71

Mitigating Controls

Mitigating Controls (NIST 800-53 r5) AI

preventrecover

Directly mandates identifying, prioritizing, and applying patches such as the Samsung Notes update to 4.4.26.71 that remediates the out-of-bounds write in BMP parsing.

prevent

Implements memory protection mechanisms like ASLR and DEP to prevent arbitrary code execution from out-of-bounds write exploits in image parsing.

prevent

Requires validation of BMP image inputs to the Samsung Notes application to block malformed files that trigger the out-of-bounds write vulnerability.

References