CVE-2025-20972

6.2 MEDIUM

📋 TL;DR

This vulnerability in Samsung Flow allows local attackers to modify the application's configuration through improper intent verification in broadcast receivers. It affects Samsung Flow versions prior to 4.9.17.6 on Android devices. Attackers must have local access to the device to exploit this flaw.
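The weakness class named above, as an added Java illustration that is not Samsung Flow code: a hypothetical receiver that stores configuration from a broadcast, first in the exported-and-unchecked form, then restricted to the app's own (or same-signature) senders with the action and extra validated. Package, action, permission and preference names are assumptions.

```java
// Added illustration of the weakness class named in the TL;DR (improper intent
// verification in a broadcast receiver). Hypothetical code, not Samsung Flow source.
import android.content.BroadcastReceiver;
import android.content.Context;
import android.content.Intent;
import android.content.IntentFilter;
import android.os.Build;

public class ConfigReceiver extends BroadcastReceiver {
    static final String ACTION_SET_CONFIG = "com.example.flowlike.SET_CONFIG"; // assumed
    static final String SIG_PERMISSION = "com.example.flowlike.permission.SET_CONFIG"; // assumed
    static final String PREFS = "flow_prefs"; // assumed

    // WEAK: with <receiver android:exported="true"> and no android:permission,
    // any app on the device can broadcast ACTION_SET_CONFIG and rewrite settings.
    static void weakHandle(Context ctx, Intent intent) {
        String host = intent.getStringExtra("sync_host");
        ctx.getSharedPreferences(PREFS, Context.MODE_PRIVATE)
           .edit().putString("sync_host", host).apply();
    }

    // HARDENED: reachable only by the app itself (see register), the action is
    // checked, and the extra is validated before anything is stored.
    @Override
    public void onReceive(Context ctx, Intent intent) {
        if (intent == null || !ACTION_SET_CONFIG.equals(intent.getAction())) return;
        String host = intent.getStringExtra("sync_host");
        if (!isPlausibleHost(host)) return;  // drop malformed or oversized values
        ctx.getSharedPreferences(PREFS, Context.MODE_PRIVATE)
           .edit().putString("sync_host", host).apply();
    }

    static boolean isPlausibleHost(String h) {
        return h != null && h.length() <= 253 && h.matches("[A-Za-z0-9.-]+");
    }

    // Dynamic registration. On API 33+ the receiver is flagged not exported, so the
    // system rejects broadcasts from other packages; below 33, require a permission
    // declared with protectionLevel="signature". Manifest equivalents:
    // android:exported="false" or android:permission on the <receiver> element.
    static void register(Context ctx) {
        IntentFilter filter = new IntentFilter(ACTION_SET_CONFIG);
        ConfigReceiver receiver = new ConfigReceiver();
        if (Build.VERSION.SDK_INT >= Build.VERSION_CODES.TIRAMISU) {
            ctx.registerReceiver(receiver, filter, Context.RECEIVER_NOT_EXPORTED);
        } else {
            ctx.registerReceiver(receiver, filter, SIG_PERMISSION, null);
        }
    }
}
```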

💻 Affected Systems

Products:
  • Samsung Flow
Versions: prior to 4.9.17.6
Operating Systems: Android
Default Config Vulnerable: ⚠️ Yes
Notes: Requires local access to the Android device. Samsung Flow must be installed and configured.

⚠️ Risk & Real-World Impact

🔴 Worst Case

An attacker could modify Samsung Flow configuration to intercept sensitive data, manipulate synchronization settings, or potentially gain unauthorized access to connected services.

🟠 Likely Case

Local attackers could alter Samsung Flow settings to disrupt functionality, change notification preferences, or modify connection parameters between devices.

🟢 If Mitigated

With proper access controls and updated software, the risk is limited to authorized users making legitimate configuration changes.

🌐 Internet-Facing: LOW
🏢 Internal Only: MEDIUM

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: UNKNOWN
Unauthenticated Exploit: ✅ No
Complexity: LOW

Exploitation requires local access to the device. No public exploit code has been identified.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: 4.9.17.6 and later

Vendor Advisory: https://security.samsungmobile.com/serviceWeb.smsb?year=2025&month=05

Restart Required: No

Instructions:

1. Open Google Play Store on your Android device.
2. Search for 'Samsung Flow'.
3. If an update is available, tap 'Update'.
4. Alternatively, update through the Samsung Galaxy Store if installed.

🔧 Temporary Workarounds

Disable Samsung Flow (Android)

Temporarily disable Samsung Flow until the update can be applied:

Settings > Apps > Samsung Flow > Disable

Restrict app permissions (Android)

Review and restrict Samsung Flow permissions to the minimum required:

Settings > Apps > Samsung Flow > Permissions

🧯 If You Can't Patch

  • Implement strict physical access controls to prevent unauthorized local access to devices
  • Monitor for unusual configuration changes in Samsung Flow settings

🔍 How to Verify

Check if Vulnerable:

Check Samsung Flow version in app settings or Google Play Store

Check Version:

Open Samsung Flow > Settings > About Samsung Flow

Verify Fix Applied:

Confirm Samsung Flow version is 4.9.17.6 or higher

📡 Detection & Monitoring

Log Indicators:

  • Unexpected configuration changes in Samsung Flow logs
  • Unauthorized broadcast intents targeting Samsung Flow

Network Indicators:

  • Unusual synchronization patterns between devices

SIEM Query:

app:"Samsung Flow" AND event_type:"configuration_change" AND user:"unexpected_user"
