Shodan
Vulnerabilities
Vulnerable Software
Security Vulnerabilities - CVEs Published In May 2025
CVE-2025-20972
Improper verification of intent by broadcast receiver in Samsung Flow prior to version 4.9.17.6 allows local attackers to modify Samsung Flow configuration.
CVSS Score
6.2
EPSS Score
0.0
Published
2025-05-07
CVE-2025-20960
Improper handling of insufficient permission in CocktailBarService prior to SMR May-2025 Release 1 allows local attackers to use the privileged api.
CVSS Score
4.0
EPSS Score
0.0
Published
2025-05-07
CVE-2025-20961
Improper handling of insufficient permission or privileges in sepunion service prior to SMR May-2025 Release 1 allows local privileged attackers to access files with system privilege.
CVSS Score
5.5
EPSS Score
0.0
Published
2025-05-07
CVE-2025-20962
Improper handling of insufficient permission in SpenGesture service prior to SMR May-2025 Release 1 allows local attackers to track the S Pen position.
CVSS Score
4.0
EPSS Score
0.0
Published
2025-05-07
CVE-2025-20963
Out-of-bounds write in memory initialization in libsavsvc.so prior to SMR May-2025 Release 1 allows local attackers to write out-of-bounds memory.
CVSS Score
6.6
EPSS Score
0.0
Published
2025-05-07
CVE-2025-20964
Out-of-bounds write in parsing media files in libsavsvc.so prior to SMR May-2025 Release 1 allows local attackers to write out-of-bounds memory.
CVSS Score
6.6
EPSS Score
0.0
Published
2025-05-07
CVE-2025-20965
Improper handling of insufficient permission in Bixby wakeup prior to version 2.3.74.8 allows local attackers to access sensitive data.
CVSS Score
6.2
EPSS Score
0.0
Published
2025-05-07
CVE-2025-20949
Path traversal vulnerability in Samsung Members prior to version 5.0.00.11 allows attackers to read and write arbitrary file with the privilege of Samsung Members.
CVSS Score
5.1
EPSS Score
0.001
Published
2025-05-07
CVE-2025-20953
Improper access control in SmartManagerCN prior to SMR May-2025 Release 1 allows local attackers to launch activities within SmartManagerCN.
CVSS Score
5.1
EPSS Score
0.0
Published
2025-05-07
CVE-2025-20954
Use of implicit intent for sensitive communication in EnrichedCall prior to SMR May-2025 Release 1 allows local attackers to access sensitive information. User interaction is required for triggering this vulnerability.
CVSS Score
5.5
EPSS Score
0.0
Published
2025-05-07


Products
Pricing
Contact Us

Shodan ® - All rights reserved