CVE-2025-20898

4.6 MEDIUM

📋 TL;DR

Improper access control in the Samsung Members app lets an attacker with physical access to a Samsung device read data belonging to other Android user profiles on that device, bypassing the per-user isolation Android normally enforces. Only devices with more than one user profile configured are affected, and the attack cannot be carried out remotely.

💻 Affected Systems

Products:
  • Samsung Members app
Versions: prior to 5.2.00.12
Operating Systems: Android (Samsung devices)
Default Config Vulnerable: ⚠️ Yes
Notes: Only affects devices with multiple user profiles configured. Samsung Members app comes pre-installed on most Samsung Android devices.

📦 What is this software?

Samsung Members (package com.samsung.android.voc) is Samsung's pre-installed support app for Galaxy devices: device diagnostics, error reporting and the Samsung community forum. Because it ships as a system app and runs in every user profile, a cross-profile access-control bug in it reaches any profile on the device.

⚠️ Risk & Real-World Impact

🔴 Worst Case

An attacker with physical access reads sensitive personal data, authentication tokens or private files belonging to other user profiles on the same device, which could enable account takeover or a reportable data breach. The impact is to confidentiality only: a 4.6 Medium is what a physical-access, confidentiality-only vector such as AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N scores.

🟠 Likely Case

Limited exposure of another profile's data (personal information, messages, app data) on a shared, lost or stolen device.

🟢 If Mitigated

A strong screen lock and file-based encryption reduce the impact: the attacker still has to unlock or bypass the lock of some profile before the app can be used at all, and the credential-encrypted storage of any profile that has not been unlocked since boot remains encrypted regardless of this bug.

🌐 Internet-Facing: LOW - This is a local physical access vulnerability, not remotely exploitable.
🏢 Internal Only: MEDIUM - Requires physical device access, but could impact shared or corporate devices with multiple user profiles.

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: UNKNOWN
Unauthenticated Exploit: ✅ No
Complexity: MEDIUM

Requires physical access to the device and knowledge of the vulnerability. No public exploit details available.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: 5.2.00.12

Vendor Advisory: https://security.samsungmobile.com/serviceWeb.smsb?year=2025&month=01

Restart Required: No

Instructions:

1. Open the Google Play Store on the Samsung device.
2. Search for 'Samsung Members'.
3. Update to version 5.2.00.12 or later.
4. Alternatively, update through the Samsung Galaxy Store if available.

🔧 Temporary Workarounds

Disable Samsung Members app

android

Temporarily disable the vulnerable app until it is patched. Note that `--user 0` disables it for the owner profile only; each secondary profile runs its own enabled copy, so repeat the command for every user id listed by `adb shell pm list users`. Disabling the app also removes Samsung's diagnostics and support features until it is re-enabled with `pm enable`.

adb shell pm disable-user --user 0 com.samsung.android.voc

Remove user profiles

android

Remove additional user profiles to eliminate the attack surface (the bug needs a second profile to read from). The menu location varies by Android/One UI version:

Settings > Users & accounts > Users > Remove user
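Added example, not from the advisory or from Samsung: a POSIX shell script that applies the disable workaround to every user on the device rather than only user 0, since a secondary profile still runs its own copy of the app. It assumes adb is on PATH with a device attached; when it is not, it parses a constructed sample of `pm list users` output and prints the commands it would run. The package name com.samsung.android.voc is the one given above.

```shell
#!/bin/sh
# Disable Samsung Members for every Android user on the device, not just user 0.
# Package name taken from the advisory text; sample output below is constructed.

PKG="com.samsung.android.voc"

# Constructed sample of `adb shell pm list users` output. The real command prints
# one "UserInfo{id:name:flags}" line per user under a "Users:" header.
SAMPLE_USERS='Users:
	UserInfo{0:Owner:c13} running
	UserInfo{10:Guest:404} running
	UserInfo{11:Work profile:1030}'

# Extract the numeric user ids from `pm list users` output read on stdin.
user_ids() {
    sed -n 's/.*UserInfo{\([0-9][0-9]*\):.*/\1/p'
}

# For each user id read on stdin, emit the pm command that disables PKG for it.
disable_cmds() {
    while read -r uid; do
        printf 'pm disable-user --user %s %s\n' "$uid" "$PKG"
    done
}

# Against a real device, run the commands; otherwise show them from the sample.
if command -v adb >/dev/null 2>&1 && adb get-state >/dev/null 2>&1; then
    adb shell pm list users | user_ids | while read -r uid; do
        adb shell pm disable-user --user "$uid" "$PKG"
    done
else
    printf '%s\n' "$SAMPLE_USERS" | user_ids | disable_cmds
fi
```

To undo the workaround after patching, run `pm enable com.samsung.android.voc` for the same user ids.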

🧯 If You Can't Patch

  • Require strong device authentication (PIN/pattern/password/biometric) on every profile, not only the owner's, so an attacker cannot get an unlocked session to work from
  • On managed devices, have your EMM apply the Android user restriction DISALLOW_ADD_USER so secondary profiles cannot be created, and remove any that already exist
  • Prefer disabling the app outright over restricting its permissions; the flaw is in the app's own access control, so permission changes in Settings are not a reliable mitigation

🔍 How to Verify

Check if Vulnerable:

Check Samsung Members app version in device settings: Settings > Apps > Samsung Members > App info

Check Version:

adb shell dumpsys package com.samsung.android.voc | grep versionName

Verify Fix Applied:

Confirm the reported versionName is 5.2.00.12 or higher, comparing each dotted component numerically rather than as a string (a plain string comparison would rank 5.2.00.9 above 5.2.00.12). Because the installed package is shared by all users on the device, one check is enough for every profile.
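Added example, not from the advisory or from Samsung: a POSIX shell script that reads the installed versionName from `dumpsys package` output and compares it component-wise with the fixed version 5.2.00.12 given above. It assumes adb is on PATH with a device attached; otherwise it runs against a constructed dumpsys fragment for a vulnerable build. The package name and fixed version are from the page; everything else is illustrative.

```shell
#!/bin/sh
# Check whether the installed Samsung Members build is below the fixed version.
# Package name and fixed version from the advisory; sample dumpsys text is constructed.

PKG="com.samsung.android.voc"
FIXED="5.2.00.12"

# Constructed fragment of `dumpsys package com.samsung.android.voc` for an old build.
SAMPLE_DUMPSYS='Packages:
  Package [com.samsung.android.voc] (1a2b3c4):
    userId=10123
    versionCode=520001100 minSdk=28 targetSdk=34
    versionName=5.2.00.11'

# Print the first versionName= value found in dumpsys output read on stdin.
version_name() {
    sed -n 's/^[[:space:]]*versionName=\(.*\)$/\1/p' | head -n 1
}

# Compare two dotted versions numerically per component; prints -1, 0 or 1.
# Missing components count as 0, leading zeros are stripped (so "00" and "09"
# are handled as plain numbers, not octal).
version_cmp() {
    a="$1."; b="$2."
    while [ -n "$a" ] || [ -n "$b" ]; do
        ai=${a%%.*}; a=${a#*.}
        bi=${b%%.*}; b=${b#*.}
        ai=${ai#"${ai%%[!0]*}"}; ai=${ai:-0}
        bi=${bi#"${bi%%[!0]*}"}; bi=${bi:-0}
        if [ "$ai" -lt "$bi" ]; then printf '%s\n' -1; return; fi
        if [ "$ai" -gt "$bi" ]; then printf '%s\n' 1; return; fi
    done
    printf '%s\n' 0
}

# Succeeds (exit 0) when the given version is older than FIXED.
is_vulnerable() {
    [ "$(version_cmp "$1" "$FIXED")" -lt 0 ]
}

# Read dumpsys output on stdin and report; exit 1 if vulnerable, 2 if not installed.
check() {
    v=$(version_name)
    if [ -z "$v" ]; then echo "$PKG not found"; return 2; fi
    if is_vulnerable "$v"; then echo "VULNERABLE: $v < $FIXED"; return 1; fi
    echo "OK: $v >= $FIXED"; return 0
}

if command -v adb >/dev/null 2>&1 && adb get-state >/dev/null 2>&1; then
    adb shell dumpsys package "$PKG" | check
else
    printf '%s\n' "$SAMPLE_DUMPSYS" | check
fi
```

The component-wise comparison is the point: the fixed version has a two-digit last component, so any script that compares versionName strings lexicographically will misjudge builds such as 5.2.00.9.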

📡 Detection & Monitoring

Log Indicators:

  • Samsung Members (com.samsung.android.voc) being launched from a profile that does not normally use it, or shortly after a profile switch
  • Rapid switching between user profiles; Android records switches in the system log (ActivityManager/UserController lines in logcat), and `adb shell dumpsys user` lists the configured users

Network Indicators:

  • None - local vulnerability only

SIEM Query:

Illustrative only: Android does not export these events itself, so the field names depend on the EMM/MDM or Knox feed that forwards device events to your SIEM.

app:Samsung_Members AND (event:profile_switch OR event:permission_escalation)
