CVE-2025-20946

8.8 HIGH

📋 TL;DR

This vulnerability allows local attackers to pair with specific Bluetooth devices on Galaxy Watches without user interaction. It affects Galaxy Watch devices running software versions prior to the April 2025 security maintenance release. Attackers must be within Bluetooth range to exploit this flaw.

💻 Affected Systems

Products:
  • Samsung Galaxy Watch
Versions: All versions prior to SMR Apr-2025 Release 1
Operating Systems: Wear OS with Samsung modifications
Default Config Vulnerable: ⚠️ Yes
Notes: Only affects pairing with specific Bluetooth devices - not all Bluetooth connections. Requires attacker to have compatible vulnerable Bluetooth device.

⚠️ Risk & Real-World Impact

🔴 Worst Case

An attacker could pair malicious Bluetooth devices to the watch, potentially enabling data interception, unauthorized access to watch functions, or installation of malicious payloads.

🟠 Likely Case

Unauthorized Bluetooth pairing allowing data eavesdropping or limited device control, though specific vulnerable device combinations may be required.

🟢 If Mitigated

With proper Bluetooth security controls and user awareness, impact is limited to denial of service through unwanted pairing attempts.

🌐 Internet-Facing: LOW - Bluetooth requires physical proximity, not internet connectivity.
🏢 Internal Only: MEDIUM - Attackers must be within Bluetooth range (typically ~10 meters), making it relevant in shared physical spaces.

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: UNKNOWN
Unauthenticated Exploit: ⚠️ Yes
Complexity: LOW

Exploitation requires physical proximity and specific Bluetooth device types. No authentication needed once in range.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: SMR Apr-2025 Release 1 or later

Vendor Advisory: https://security.samsungmobile.com/securityUpdate.smsb?year=2025&month=04

Restart Required: Yes

Instructions:

1. Open the Galaxy Wearable app on the paired phone.
2. Go to Watch settings > Watch software update.
3. Download and install the April 2025 security update.
4. Restart the watch after installation completes.

🔧 Temporary Workarounds

Disable Bluetooth when not in use (applies to: all)

Turn off Bluetooth to prevent any pairing attempts.

Settings > Connections > Bluetooth > Toggle off

Enable pairing confirmation (applies to: all)

Ensure pairing requires user confirmation (though this may be bypassed by the vulnerability).

Settings > Connections > Bluetooth > More options > Pair new device

🧯 If You Can't Patch

  • Keep Bluetooth disabled except when actively pairing trusted devices
  • Avoid using watch in public/untrusted environments where attackers might be present

🔍 How to Verify

Check if Vulnerable:

Check the watch software version: Settings > About watch > Software information > Software version. If the version is earlier than SMR Apr-2025 Release 1, the device is vulnerable.

Check Version:

Settings > About watch > Software information > Software version

Verify Fix Applied:

Verify that the software version shows SMR Apr-2025 Release 1 or later. Test Bluetooth pairing with known devices to confirm that user confirmation is required.
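The version check above compares a Samsung SMR label against the fixed release. The following is an added example (not Samsung's code and not part of this advisory) that parses labels of the form "SMR Mon-YYYY Release N" into a comparable tuple and reports whether an inventoried watch is still below SMR Apr-2025 Release 1. The label format is assumed from the naming used on this page; the sample inventory is constructed.

```python
import re

# Month abbreviations used in Samsung SMR labels, mapped to calendar order.
MONTHS = {m: i for i, m in enumerate(
    ["jan", "feb", "mar", "apr", "may", "jun",
     "jul", "aug", "sep", "oct", "nov", "dec"], start=1)}

# Assumed label shape, e.g. "SMR Apr-2025 Release 1" (format taken from the advisory text).
SMR_RE = re.compile(r"SMR\s+([A-Za-z]{3})-(\d{4})\s+Release\s+(\d+)", re.IGNORECASE)

# Fixed release named in the advisory: SMR Apr-2025 Release 1 -> (year, month, release).
FIXED_RELEASE = (2025, 4, 1)


def parse_smr(label: str) -> tuple[int, int, int]:
    """Turn an SMR label into a (year, month, release) tuple that sorts chronologically."""
    m = SMR_RE.search(label)
    if not m:
        raise ValueError(f"not an SMR label: {label!r}")
    mon, year, release = m.groups()
    month = MONTHS.get(mon.lower())
    if month is None:
        raise ValueError(f"unknown month in SMR label: {label!r}")
    return (int(year), month, int(release))


def is_vulnerable(label: str) -> bool:
    """True when the watch runs a release older than SMR Apr-2025 Release 1."""
    return parse_smr(label) < FIXED_RELEASE


def triage(inventory: dict[str, str]) -> dict[str, list[str]]:
    """Split a {device_name: smr_label} inventory into patched / vulnerable / unknown."""
    result = {"patched": [], "vulnerable": [], "unknown": []}
    for name, label in inventory.items():
        try:
            bucket = "vulnerable" if is_vulnerable(label) else "patched"
        except ValueError:
            bucket = "unknown"  # label could not be parsed; needs manual check
        result[bucket].append(name)
    return result


if __name__ == "__main__":
    # Constructed sample inventory (hypothetical device names and labels).
    sample = {
        "watch-alice": "SMR Mar-2025 Release 1",
        "watch-bob": "SMR Apr-2025 Release 1",
        "watch-carol": "SMR Dec-2024 Release 2",
        "watch-dave": "SMR Jun-2025 Release 1",
        "watch-eve": "R940XXU1AXK4",  # raw build string, not an SMR label
    }
    for bucket, names in triage(sample).items():
        print(f"{bucket}: {', '.join(names) or '-'}")
```

Releases are compared as (year, month, release) tuples so that a later month always outranks a higher release number in an earlier month; a label that does not match the SMR pattern is reported as unknown rather than silently treated as patched.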

📡 Detection & Monitoring

Log Indicators:

  • Unexpected Bluetooth pairing events
  • Multiple failed pairing attempts from unknown devices

Network Indicators:

  • Unusual Bluetooth MAC addresses attempting connections
  • Bluetooth pairing requests without user interaction

SIEM Query:

bluetooth AND (pairing OR connection) AND (unauthorized OR unexpected) AND device_type:"Galaxy Watch"
