Login Sign Up

CVE-2025-20940

4.0 MEDIUM

📋 TL;DR

This vulnerability in Samsung Device Health Manager Service allows local attackers to bypass permission checks and access provider components. It affects Samsung devices running versions prior to the April 2025 security update. Attackers need local access to the device to exploit this flaw.

💻 Affected Systems

Products:
  • Samsung mobile devices
Versions: Versions prior to SMR Apr-2025 Release 1
Operating Systems: Android with Samsung Device Health Manager Service
Default Config Vulnerable: ⚠️ Yes
Notes: Only affects Samsung devices with the vulnerable version of Device Health Manager Service. Requires local access to exploit.

⚠️ Manual Verification Required

This CVE does not have specific version information in our database, so automatic vulnerability detection cannot determine if your system is affected.

Why? The CVE database entry doesn't specify which versions are vulnerable (no version ranges provided by the vendor/NVD).

🔒 Custom verification scripts are available for registered users. Sign up free to download automated test scripts.

Recommended Actions:
  1. Review the CVE details at NVD
  2. Check vendor security advisories for your specific version
  3. Test if the vulnerability is exploitable in your environment
  4. Consider updating to the latest version as a precaution

⚠️ Risk & Real-World Impact

🔴

Worst Case

Local attackers could access sensitive device health data, potentially leading to information disclosure about device status, performance metrics, or other protected health-related information.

🟠

Likely Case

Limited information disclosure of non-critical device health metrics or service data accessible through the SDMHS provider.

🟢

If Mitigated

With proper permission controls and updated software, the vulnerability is eliminated, preventing unauthorized access to the service provider.

🌐 Internet-Facing: LOW - This is a local vulnerability requiring physical or local access to the device.
🏢 Internal Only: MEDIUM - Malicious apps or users with local access could exploit this to access protected device health information.

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: UNKNOWN
Unauthenticated Exploit: ✅ No
Complexity: LOW

Exploitation requires local access to the device. No public exploit code has been identified at this time.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: SMR Apr-2025 Release 1

Vendor Advisory: https://security.samsungmobile.com/securityUpdate.smsb?year=2025&month=04

Restart Required: Yes

Instructions:

1. Check for system updates in device settings. 2. Install the April 2025 security update. 3. Restart the device after installation completes.

🔧 Temporary Workarounds

Disable Device Health Manager Service

android

Temporarily disable the vulnerable service to prevent exploitation

adb shell pm disable-user --user 0 com.samsung.android.sm.devicehealth

🧯 If You Can't Patch

  • Restrict physical access to devices
  • Implement application whitelisting to prevent malicious apps from running

🔍 How to Verify

Check if Vulnerable:

Check device security patch level in Settings > About phone > Software information. If before April 2025, device is vulnerable.

Check Version:

adb shell getprop ro.build.version.security_patch

Verify Fix Applied:

Verify security patch level shows 'April 1, 2025' or later in device settings.

📡 Detection & Monitoring

Log Indicators:

  • Unauthorized access attempts to Device Health Manager Service provider
  • Permission denial logs for SDMHS components

Network Indicators:

  • Local inter-process communication attempts to SDMHS

SIEM Query:

Process execution of apps attempting to access com.samsung.android.sm.devicehealth provider without proper permissions

📊 Metadata

CVE ID: CVE-2025-20940
CVSS v3 Score: 4.0 (MEDIUM)
CVSS Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
EPSS Score: 0.08% exploit probability (24.4th percentile)
Published: April 8, 2025
Last Updated: April 8, 2025

🔗 References

📤 Share & Export

📄 Export Markdown 📋 Export JSON