CVE-2025-20924

4.6 MEDIUM

📋 TL;DR

A physical access control vulnerability in Samsung Notes allows attackers with physical device access to bypass user profile isolation and access data from other user profiles on the same device. This affects Samsung device users with multiple profiles who haven't updated Samsung Notes to version 4.4.26.71 or later.

💻 Affected Systems

Products:
  • Samsung Notes
Versions: All versions prior to 4.4.26.71
Operating Systems: Android (Samsung devices)
Default Config Vulnerable: ⚠️ Yes
Notes: Only affects Samsung mobile devices running Android with Samsung Notes installed and multiple user profiles configured.

⚠️ Risk & Real-World Impact

🔴

Worst Case

Physical attacker gains access to sensitive personal data, notes, and files from other user profiles on a shared device, potentially exposing confidential information.

🟠

Likely Case

Unauthorized access to notes and files from other user profiles when a device is left unattended or shared among multiple users.

🟢

If Mitigated

Limited impact with proper physical security controls and updated software.

🌐 Internet-Facing: LOW - Requires physical access to device, not remotely exploitable.
🏢 Internal Only: MEDIUM - Physical access required, but could impact shared devices in organizations.

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: UNKNOWN
Unauthenticated Exploit: ✅ No
Complexity: LOW - Requires physical device access but no technical expertise.

Exploitation requires physical access to an unlocked device or the ability to unlock it.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: 4.4.26.71

Vendor Advisory: https://security.samsungmobile.com/serviceWeb.smsb?year=2025&month=03

Restart Required: No

Instructions:

1. Open Galaxy Store or Google Play Store on the Samsung device.
2. Search for 'Samsung Notes'.
3. Update to version 4.4.26.71 or later.
4. Ensure automatic updates are enabled for future patches.

🔧 Temporary Workarounds

Disable Samsung Notes

Platform: Android

Temporarily disable Samsung Notes app to prevent exploitation.

Settings > Apps > Samsung Notes > Disable

Use Single User Profile

Platform: Android

Remove additional user profiles to eliminate attack surface.

Settings > Users and accounts > Users > Remove unwanted profiles

🧯 If You Can't Patch

  • Implement strict physical security controls for devices
  • Use device encryption and strong authentication methods

🔍 How to Verify

Check if Vulnerable:

Check Samsung Notes version in app settings or device app manager.

Check Version:

Settings > Apps > Samsung Notes > App info > Version

Verify Fix Applied:

Confirm Samsung Notes version is 4.4.26.71 or higher.
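For checking a fleet of shared devices rather than one phone by hand, the version check and the multi-profile condition above can be scripted over adb. This is an added example, not part of the advisory; it assumes the Samsung Notes package name com.samsung.android.app.notes and the usual `dumpsys package` / `pm list users` output shapes, which the constructed samples imitate.

```shell
#!/bin/sh
# Added example, not from the advisory. Assumed: package name
# com.samsung.android.app.notes and the output shapes of `dumpsys package`
# and `pm list users`, imitated by the constructed samples below.

FIXED_VERSION="4.4.26.71"   # first patched Samsung Notes version per the advisory

# version_ge A B -> true if dotted version A >= B, comparing each field as a number
# (so 4.10.x sorts above 4.4.x, which a plain string compare would get wrong)
version_ge() {
    a="$1"; b="$2"
    while [ -n "$a" ] || [ -n "$b" ]; do
        ax="${a%%.*}"; bx="${b%%.*}"             # leading field of each
        [ "$ax" = "$a" ] && a="" || a="${a#*.}"  # drop it; empty when no dot is left
        [ "$bx" = "$b" ] && b="" || b="${b#*.}"
        [ "${ax:-0}" -gt "${bx:-0}" ] && return 0
        [ "${ax:-0}" -lt "${bx:-0}" ] && return 1
    done
    return 0
}

# notes_version TEXT -> versionName line from `dumpsys package <pkg>` output
notes_version() {
    printf '%s\n' "$1" | sed -n 's/^[[:space:]]*versionName=//p' | head -n 1
}

# profile_count TEXT -> number of user profiles listed by `pm list users`
profile_count() {
    printf '%s\n' "$1" | grep -c 'UserInfo{' || true   # grep -c exits 1 on zero matches
}

# assess VERSION COUNT -> patched | vulnerable | not-exposed (single profile only)
assess() {
    if version_ge "$1" "$FIXED_VERSION"; then echo "patched"
    elif [ "$2" -gt 1 ]; then echo "vulnerable"
    else echo "not-exposed"; fi
}

# Constructed sample output standing in for an unpatched device with two profiles:
SAMPLE_DUMPSYS='Package [com.samsung.android.app.notes] (CONSTRUCTED):
    versionName=4.4.26.70'
SAMPLE_USERS='Users:
    UserInfo{0:Owner:c13} running
    UserInfo{10:Work:1030}'

# On a connected device the same call would read the live values:
#   assess "$(notes_version "$(adb shell dumpsys package com.samsung.android.app.notes)")" \
#          "$(profile_count "$(adb shell pm list users)")"
assess "$(notes_version "$SAMPLE_DUMPSYS")" "$(profile_count "$SAMPLE_USERS")"   # prints: vulnerable
```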

📡 Detection & Monitoring

Log Indicators:

  • Unusual access patterns between user profiles
  • Multiple failed authentication attempts

Network Indicators:

  • Not applicable - local physical access vulnerability

SIEM Query:

Not applicable for this physical access vulnerability
