CVE-2025-20996

5.0 MEDIUM

📋 TL;DR

This vulnerability allows local attackers with physical or remote access to a device to read data with Smart Switch privileges once the user interacts with the application. It affects non-Samsung devices running Smart Switch versions prior to 3.7.64.10. Exploitation requires user interaction to trigger the improper-authorization flaw.

💻 Affected Systems

Products:
  • Smart Switch
Versions: All versions prior to 3.7.64.10
Operating Systems: Android, iOS, Windows, macOS
Default Config Vulnerable: ⚠️ Yes
Notes: Only affects Smart Switch installed on non-Samsung devices. Samsung devices are not affected according to the advisory.

⚠️ Risk & Real-World Impact

🔴 Worst Case

An attacker could read sensitive data stored or processed by Smart Switch, potentially including backup files, device information, or other privileged data accessible to the application.

🟠 Likely Case

Local attackers could access application data or files that Smart Switch has permission to read, but full system compromise is unlikely due to the limited privilege scope.

🟢 If Mitigated

With proper access controls and user awareness, the impact is limited to potential data leakage from the Smart Switch application itself.

🌐 Internet-Facing: LOW - The vulnerability requires local access and user interaction, making remote exploitation unlikely.
🏢 Internal Only: MEDIUM - Local attackers with physical access or existing foothold on the device could exploit this if they can trigger user interaction.

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: UNKNOWN
Unauthenticated Exploit: ✅ No
Complexity: MEDIUM

Exploitation requires local access and user interaction, which adds complexity. No public exploit code has been identified.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: 3.7.64.10

Vendor Advisory: https://security.samsungmobile.com/serviceWeb.smsb?year=2025&month=06

Restart Required: Yes

Instructions:

1. Open the Smart Switch application.
2. Check for updates in the settings or about section.
3. Update to version 3.7.64.10 or later.
4. Restart the application or device if prompted.

🔧 Temporary Workarounds

Disable or remove Smart Switch (applies to: all platforms)

Uninstall Smart Switch from non-Samsung devices if it is not needed.

Restrict local access (applies to: all platforms)

Implement physical security controls and limit local user access to vulnerable devices.

🧯 If You Can't Patch

  • Limit user interaction with Smart Switch application
  • Implement application whitelisting to prevent unauthorized execution

🔍 How to Verify

Check if Vulnerable:

Check Smart Switch version in application settings or about section

Check Version:

No universal command - check via application GUI on respective platform

Verify Fix Applied:

Confirm version is 3.7.64.10 or higher in application settings

📡 Detection & Monitoring

Log Indicators:

  • Unusual file access patterns by Smart Switch process
  • Multiple failed authorization attempts

Network Indicators:

  • Local process communication anomalies

SIEM Query:

Process:SmartSwitch AND (EventID:4663 OR EventID:4656) AND AccessMask:0x1
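The query above targets Windows Security object-access events (4656 = handle requested, 4663 = object accessed), so it applies to the Windows client only. The following is an added example, not part of the advisory or Samsung's tooling: it runs the same query logic over constructed event records and counts matched reads per directory, which is one concrete form of the "unusual file access patterns" indicator listed above. The pipe-separated record format and the Smart Switch install path are assumptions for the demo.

```python
# Added example (not from the advisory or Samsung): applies the advisory's SIEM query
# logic to constructed Windows Security object-access records. The pipe-separated
# record format and the Smart Switch install path are assumptions for the demo.
from collections import Counter

SMART_SWITCH_PROCESS = "smartswitch"    # case-insensitive substring of the process path
OBJECT_ACCESS_EVENT_IDS = {4656, 4663}  # 4656 = handle requested, 4663 = object accessed
READ_DATA_BIT = 0x1                     # ReadData / ListDirectory bit of AccessMask

def parse_record(line: str) -> dict:
    """Parse 'EventID|ProcessName|AccessMask|ObjectName' (constructed format)."""
    event_id, process, mask, obj = line.split("|", 3)
    return {"event_id": int(event_id), "process": process,
            "access_mask": int(mask, 16), "object": obj}

def matches_query(rec: dict) -> bool:
    """Mirror of 'Process:SmartSwitch AND (EventID:4663 OR EventID:4656) AND AccessMask:0x1'.
    The advisory's query matches AccessMask == 0x1 literally; the ReadData bit is tested
    here instead, because real 4663 events usually carry combined masks such as 0x120089."""
    return (SMART_SWITCH_PROCESS in rec["process"].lower()
            and rec["event_id"] in OBJECT_ACCESS_EVENT_IDS
            and bool(rec["access_mask"] & READ_DATA_BIT))

def smart_switch_reads(lines) -> list:
    """Object names read by the Smart Switch process, in log order."""
    return [rec["object"] for rec in map(parse_record, lines) if matches_query(rec)]

def busy_directories(lines, threshold: int) -> dict:
    """Directories with at least `threshold` matched reads: a concrete form of the
    'unusual file access pattern' indicator the advisory lists."""
    per_dir = Counter(obj.rsplit("\\", 1)[0] for obj in smart_switch_reads(lines))
    return {d: n for d, n in per_dir.items() if n >= threshold}

# Constructed sample records, not real log data.
SAMPLE_LOG = [
    r"4663|C:\Program Files\Samsung\Smart Switch PC\SmartSwitch.exe|0x1|C:\Users\alice\Documents\notes.txt",
    r"4656|C:\Program Files\Samsung\Smart Switch PC\SmartSwitch.exe|0x120089|C:\Users\alice\Documents\tax.pdf",
    r"4663|C:\Program Files\Samsung\Smart Switch PC\SmartSwitch.exe|0x2|C:\Users\alice\Documents\out.tmp",
    r"4663|C:\Windows\explorer.exe|0x1|C:\Users\alice\Documents\notes.txt",
    r"4688|C:\Program Files\Samsung\Smart Switch PC\SmartSwitch.exe|0x1|C:\Users\alice\Documents\x.txt",
    r"4663|C:\Program Files\Samsung\Smart Switch PC\SmartSwitch.exe|0x1|C:\Users\alice\Documents\keys.txt",
]

if __name__ == "__main__":
    print(smart_switch_reads(SAMPLE_LOG))
    print(busy_directories(SAMPLE_LOG, threshold=3))
```

Write-only access (0x2), other processes and non-object-access events such as 4688 are deliberately left out of the matches; tune the threshold to the baseline read volume observed on the host.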
