CVE-2025-20931

High

Published: 06 March 2025

Published

06 March 2025

Modified

16 July 2025

KEV Added

—

Patch

—

CVSS Score 7.3 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:H/A:L

EPSS Score 0.0009 25.8th percentile

Risk Priority 15 60% EPSS · 20% KEV · 20% CVSS

Summary

CVE-2025-20931 is a high-severity Out-of-bounds Write (CWE-787) vulnerability in Samsung Notes. Its CVSS base score is 7.3 (High).

Operationally, exploitation aligns with the MITRE ATT&CK technique Exploitation for Client Execution (T1203); ranked at the 25.8th percentile by exploit likelihood (below the median); it is not currently listed in the CISA KEV catalog.

The strongest mitigations our analysis identified are NIST 800-53 SI-10 (Information Input Validation) and SI-16 (Memory Protection).

Threat & Defense at a Glance

What attackers do: exploitation maps to Exploitation for Client Execution (T1203). What defenders deploy: see the NIST 800-53 controls recommended below.

Threat & Defense Details

Mitigating Controls (NIST 800-53 r5)AI

SI-2 Flaw Remediation good match

preventrecover

Directly mandates identifying, prioritizing, and applying patches such as the Samsung Notes update to 4.4.26.71 that remediates the out-of-bounds write in BMP parsing.

SI-16 Memory Protection good match

prevent

Implements memory protection mechanisms like ASLR and DEP to prevent arbitrary code execution from out-of-bounds write exploits in image parsing.

SI-10 Information Input Validation good match

prevent

Requires validation of BMP image inputs to the Samsung Notes application to block malformed files that trigger the out-of-bounds write vulnerability.

MITRE ATT&CK Enterprise TechniquesAI

T1203 Exploitation for Client Execution Execution

Adversaries may exploit software vulnerabilities in client applications to execute code.

attack.mitre.org →

Why these techniques?

Out-of-bounds write in client app (Samsung Notes) BMP parser enables arbitrary code execution on local system with no user interaction required.

Confidence: HIGH · MITRE ATT&CK Enterprise v19.0

NVD Description

Out-of-bounds write in parsing bmp image in Samsung Notes prior to version 4.4.26.71 allows local attackers to execute arbitrary code.

Deeper analysisAI

CVE-2025-20931 is an out-of-bounds write vulnerability (CWE-787) in the BMP image parsing functionality of the Samsung Notes application, affecting versions prior to 4.4.26.71. Published on 2025-03-06, it carries a CVSS v3.1 base score of 7.3 (AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:H/A:L), indicating high integrity impact with low confidentiality and availability effects.

Local attackers can exploit this vulnerability by supplying a maliciously crafted BMP image to Samsung Notes. With low attack complexity, no privileges or user interaction required, exploitation enables arbitrary code execution on the local system.

Samsung's security advisory for March 2025, available at https://security.samsungmobile.com/serviceWeb.smsb?year=2025&month=03, addresses the vulnerability and mitigation through updates to Samsung Notes version 4.4.26.71 or later.

Details

CWE(s): CWE-787

Affected Products

samsung

notes

≤ 4.4.26.71

CVEs Like This One

CVE-2025-20929Same product: Samsung Notes

CVE-2025-21042Same vendor: Samsung

CVE-2025-20920Same product: Samsung Notes

CVE-2025-20918Same product: Samsung Notes

CVE-2025-20914Same product: Samsung Notes

CVE-2025-20922Same product: Samsung Notes

CVE-2025-20921Same product: Samsung Notes

CVE-2025-20917Same product: Samsung Notes

CVE-2025-20915Same product: Samsung Notes

CVE-2025-20916Same product: Samsung Notes

References

https://security.samsungmobile.com/serviceWeb.smsb?year=2025&month=03
Vendor Advisory · mobile.security@samsung.com