CVE-2025-20994

4.5 MEDIUM

📋 TL;DR

Improper permission handling in the SyncClientProvider component of the Samsung Internet browser lets a local attacker (in practice, another app running on the same device) read and write arbitrary files. Only Samsung Internet versions before 28.0.0.59 installed on non-Samsung Android devices are affected; the same versions on Samsung devices are not.

💻 Affected Systems

Products:
  • Samsung Internet browser
Versions: All versions prior to 28.0.0.59
Operating Systems: Android (non-Samsung devices only)
Default Config Vulnerable: ⚠️ Yes
Notes: Only affects Samsung Internet browser when installed on non-Samsung Android devices. Samsung devices are not affected.

📦 What is this software?

Samsung Internet is Samsung's Chromium-based Android web browser. It ships preinstalled on Samsung Galaxy devices and is also published on Google Play, where owners of other Android devices can install it; that second population is the one this CVE affects.

⚠️ Risk & Real-World Impact

🔴

Worst Case

An attacker's app reads and modifies any file the Samsung Internet process itself can read or write, including the browser's private data directory: saved passwords, cookies and session tokens, browsing history, and downloaded files. Write access to that directory also lets the attacker tamper with the browser's own stored state.

🟠

Likely Case

Another app on the device reads browser data it should not be able to reach: saved passwords, cookies, session tokens, and local files the browser has access to.

🟢

If Mitigated

Android's per-app sandbox does not help here, because the flaw is in how the browser's own component checks its callers. The impact is limited only if the browser holds little of value: no saved passwords, no logged-in sessions, and no sensitive downloads kept in the browser's storage.

🌐 Internet-Facing: LOW - Requires local access to device, not remotely exploitable.
🏢 Internal Only: MEDIUM - Local attackers or malicious apps could exploit this to access sensitive data.

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: UNKNOWN
Unauthenticated Exploit: ✅ No
Complexity: LOW

Exploitation requires code running on the device. The realistic path is a malicious or compromised app installed alongside the browser; the other is an attacker with physical access and a shell on the device. It is not reachable over the network.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: 28.0.0.59 or later

Vendor Advisory: https://security.samsungmobile.com/serviceWeb.smsb?year=2025&month=06

Restart Required: Yes

Instructions:

1. Open Google Play Store
2. Search for 'Samsung Internet'
3. Tap Update button
4. Restart browser after update completes

🔧 Temporary Workarounds

Uninstall Samsung Internet

android

Remove vulnerable browser from device

Settings > Apps > Samsung Internet > Uninstall

Use alternative browser

android

Switch to Chrome, Firefox, or other secure browser

🧯 If You Can't Patch

  • Restrict physical access to devices
  • Implement app whitelisting (for example through an MDM/EMM managed-device policy) so that untrusted apps, the realistic local attacker here, cannot be installed alongside the browser
  • Until the update is installed, clear saved passwords and sign out of sites in Samsung Internet so there is less for a local attacker to read

🔍 How to Verify

Check if Vulnerable:

Open Samsung Internet's app info page and read the version. A device is vulnerable only if both conditions hold: the version is below 28.0.0.59 and the device is not made by Samsung (the manufacturer is reported by `adb shell getprop ro.product.manufacturer`).

Check Version:

Settings > Apps > Samsung Internet > App info > Version

Verify Fix Applied:

Confirm Samsung Internet version is 28.0.0.59 or higher in app settings.

📡 Detection & Monitoring

Log Indicators:

  • Android does not log per-file reads or writes by an app, so successful exploitation leaves no system log entry by default. Unusual file activity by the browser process is only visible with an on-device EDR or mobile threat defense agent.
  • "Permission Denial" entries in logcat that reference the browser's provider show attempts that were blocked. They are not evidence of exploitation: a call that passes the flawed check is, by definition, not denied.

Network Indicators:

  • No network indicators - local file access only. Any exfiltration of the stolen data is traffic from the attacking app, not from Samsung Internet.

SIEM Query:

The query below is illustrative pseudo-syntax rather than a specific product's query language. In practice the useful data source is MDM/EMM app-inventory reporting (device manufacturer plus the installed version of the Samsung Internet package, com.sec.android.app.sbrowser), not file-access events, which Android does not export.

process_name:"Samsung Internet" AND file_access:* AND version<28.0.0.59
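The version check from the "How to Verify" section and the inventory-based hunt that stands in for the file-access SIEM query above, as one added example; this is not code from the original page or from Samsung's advisory. It assumes two things the page does not state: that Samsung Internet's package name is com.sec.android.app.sbrowser, and that "non-Samsung device" can be read from the ro.product.manufacturer system property. The inventory rows are constructed sample data.

```shell
#!/bin/sh
# Added example (not from the Samsung advisory or this page): decide whether a
# device/version combination is affected by CVE-2025-20994, query one attached
# device over adb, and sweep an MDM-style inventory export for affected devices.
# Assumptions not stated on the page: Samsung Internet's package name is
# com.sec.android.app.sbrowser, and "non-Samsung device" is read from the
# ro.product.manufacturer system property.

FIXED_VERSION="28.0.0.59"

# version_lt A B: exit 0 if dotted version A sorts numerically below B.
# Compares up to four numeric fields; missing fields count as 0 and any
# non-digit suffix (e.g. "-beta") is ignored.
version_lt() {
    a="$1"; b="$2"; i=1
    while [ "$i" -le 4 ]; do
        x=$(printf '%s' "$a" | cut -d. -f"$i" | tr -cd '0-9')
        y=$(printf '%s' "$b" | cut -d. -f"$i" | tr -cd '0-9')
        x=${x:-0}; y=${y:-0}
        if [ "$x" -lt "$y" ]; then return 0; fi
        if [ "$x" -gt "$y" ]; then return 1; fi
        i=$((i + 1))
    done
    return 1
}

# is_vulnerable VERSION MANUFACTURER: exit 0 if affected. Both advisory
# conditions must hold: version below the fix AND not a Samsung device.
is_vulnerable() {
    ver="$1"; mfr="$2"
    case "$(printf '%s' "$mfr" | tr 'A-Z' 'a-z')" in
        samsung*) return 1 ;;   # Samsung devices are not affected
    esac
    version_lt "$ver" "$FIXED_VERSION"
}

# check_device: query the single attached device (adb in PATH, USB debugging on).
check_device() {
    pkg="com.sec.android.app.sbrowser"   # assumed package name of Samsung Internet
    ver=$(adb shell dumpsys package "$pkg" \
          | sed -n 's/^[[:space:]]*versionName=//p' | head -n 1 | tr -d '\r')
    mfr=$(adb shell getprop ro.product.manufacturer | tr -d '\r')
    if [ -z "$ver" ]; then
        echo "Samsung Internet ($pkg) is not installed"; return 2
    fi
    if is_vulnerable "$ver" "$mfr"; then
        echo "VULNERABLE: $mfr device running Samsung Internet $ver (< $FIXED_VERSION)"
        return 0
    fi
    echo "not affected: $mfr device running Samsung Internet $ver"
    return 1
}

# scan_inventory: read CSV "device_id,manufacturer,samsung_internet_version"
# on stdin (header line first) and print the IDs of affected devices.
scan_inventory() {
    tail -n +2 | while IFS=, read -r id mfr ver; do
        ver=$(printf '%s' "$ver" | tr -d '\r ')
        [ -n "$ver" ] || continue          # browser not installed on this device
        if is_vulnerable "$ver" "$mfr"; then printf '%s\n' "$id"; fi
    done
}

# Constructed sample inventory (not real data) in the CSV shape above.
SAMPLE_INVENTORY='device_id,manufacturer,samsung_internet_version
pixel-01,Google,28.0.0.50
galaxy-02,samsung,28.0.0.50
pixel-03,Google,28.0.0.59
oneplus-04,OnePlus,27.1.2.3
moto-05,motorola,'

if [ "${1:-}" = "device" ]; then
    check_device                      # sh check_sbrowser.sh device
else
    printf '%s\n' "$SAMPLE_INVENTORY" | scan_inventory   # prints pixel-01 and oneplus-04
fi
```

Run it with the `device` argument to check an attached phone over adb; without arguments it sweeps the embedded sample inventory and prints only pixel-01 and oneplus-04, because galaxy-02 is a Samsung device, pixel-03 already runs the fixed build, and moto-05 does not have the browser installed. The same `scan_inventory` function can be fed a real MDM export with the same three columns.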
