CVE-2025-20997

6.2 MEDIUM

📋 TL;DR

This vulnerability allows local attackers to reset certain configuration settings on Galaxy Watch devices due to incorrect default permissions. It affects Galaxy Watch devices running software versions prior to the July 2025 security maintenance release. The attack requires physical access or local execution on the device.

💻 Affected Systems

Products:
  • Samsung Galaxy Watch
Versions: All versions prior to SMR Jul-2025 Release 1
Operating Systems: Wear OS (Samsung implementation)
Default Config Vulnerable: ⚠️ Yes
Notes: Only affects Galaxy Watch devices, not other Samsung products. Requires local access to the device.

📦 What is this software?

Samsung Galaxy Watch is Samsung's smartwatch line. Current models run Wear OS with Samsung's One UI Watch layer and are set up and updated from a paired phone through the Galaxy Wearable app, which is also the path used to deliver the fix below.

⚠️ Risk & Real-World Impact

🔴 Worst Case

An attacker with physical access, or code already running on the watch, could reset security-relevant device configuration, disabling protections the user had turned on, erasing user preferences, or disrupting the watch until it is reconfigured.

🟠 Likely Case

A malicious local user or malware resets non-critical settings such as display preferences, notification settings, or connectivity options, causing inconvenience and forcing reconfiguration.

🟢 If Mitigated

With the July 2025 update installed, the affected settings can only be reset by the components that are meant to have that permission; unprivileged local code no longer has that ability, and only legitimate, user-driven configuration changes remain.

🌐 Internet-Facing: LOW - This is a local privilege issue requiring physical or local access to the device.
🏢 Internal Only: MEDIUM - Within an organization, disgruntled employees or compromised devices could exploit this to disrupt watch functionality.

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: UNKNOWN
Unauthenticated Exploit: ✅ No
Complexity: LOW

Exploitation requires local access: either physical access to the watch or code already executing on it. The advisory describes no authentication bypass and no remote vector, so an attacker has to get onto the device first; the low complexity rating means that, once there, no special conditions are needed to trigger the reset.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: SMR Jul-2025 Release 1 or later

Vendor Advisory: https://security.samsungmobile.com/securityUpdate.smsb?year=2025&month=07

Restart Required: Yes

Instructions:

1. Open the Galaxy Wearable app on the paired phone.
2. Go to Watch settings > Watch software update.
3. Download and install the available update.
4. Restart the watch after installation completes.

🔧 Temporary Workarounds

Restrict physical access (all platforms)

Limit who can physically access Galaxy Watch devices to prevent local exploitation.

Enable screen lock (all platforms)

Set a PIN or pattern lock so the watch interface cannot be used without unlocking it. A screen lock only closes the physical-access path; it does nothing against code already running on the watch, so it is a stopgap, not a substitute for the update.

🧯 If You Can't Patch

  • Implement strict physical security controls for Galaxy Watch devices
  • Monitor for unusual configuration changes and investigate any unauthorized resets

🔍 How to Verify

Check if Vulnerable:

Check the watch software version under Settings > About watch > Software information. Samsung's SMR names are not displayed on the watch: the July 2025 SMR ships as a new firmware build, so compare the Software version string against the build listed in Samsung's July 2025 advisory and, where the screen shows a security patch level, confirm it reads July 2025 or later. Anything older than SMR Jul-2025 Release 1 is vulnerable.

Check Version:

Settings > About watch > Software information > Software version

Verify Fix Applied:

After the update, confirm under Settings > About watch > Software information that the Software version has changed to the SMR Jul-2025 Release 1 build (or later) and, where shown, that the security patch level is July 2025 or later.
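The version check above can be scripted for a fleet rather than read off each watch. The following is an added example, not part of the advisory and not Samsung's tooling. It assumes that SMR Jul-2025 Release 1 corresponds to the Android security patch level 2025-07-01 (Samsung's monthly SMRs track the Android patch level, but verify the exact date against the vendor advisory), and that the patch level is obtained either from `adb shell getprop ro.build.version.security_patch` on a watch with ADB debugging enabled, or from an MDM export in the constructed tab-separated format embedded below. The serials in the sample are made up.

```python
"""Flag Galaxy Watch devices still below the SMR Jul-2025 Release 1 patch level.

Added example, not from the advisory or from Samsung.
Assumptions (label them as such when adapting):
  * SMR Jul-2025 Release 1 == Android security patch level 2025-07-01.
  * Patch level comes from ro.build.version.security_patch
    (`adb shell getprop ro.build.version.security_patch`) or from an
    MDM export in the constructed "serial<TAB>patch_level" format below.
"""
from __future__ import annotations

import re
from datetime import date
from typing import Optional

# Assumption: the patch level that SMR Jul-2025 Release 1 ships with.
FIXED_PATCH_LEVEL = date(2025, 7, 1)

_PATCH_RE = re.compile(r"^(\d{4})-(\d{2})-(\d{2})$")


def parse_patch_level(raw: str) -> Optional[date]:
    """Parse 'YYYY-MM-DD' as reported by ro.build.version.security_patch.

    Returns None for anything malformed (empty, 'unknown', impossible dates),
    so a bad inventory row is reported rather than silently treated as patched.
    """
    m = _PATCH_RE.match(raw.strip())
    if not m:
        return None
    try:
        return date(*map(int, m.groups()))
    except ValueError:  # e.g. 2025-13-40
        return None


def is_vulnerable(raw_patch_level: str) -> Optional[bool]:
    """True if below the fixed level, False if at/after it, None if unparseable."""
    level = parse_patch_level(raw_patch_level)
    if level is None:
        return None
    return level < FIXED_PATCH_LEVEL


# Constructed MDM export for the example: "serial<TAB>security_patch" per line.
SAMPLE_INVENTORY = """\
WATCH-01\t2025-06-01
WATCH-02\t2025-07-01
WATCH-03\t2025-08-01
WATCH-04\tunknown
"""


def triage(inventory: str) -> dict[str, list[str]]:
    """Bucket serials into 'vulnerable', 'patched' and 'unknown'.

    'unknown' rows need a manual look: a watch that reports no patch level
    must not be assumed safe.
    """
    buckets: dict[str, list[str]] = {"vulnerable": [], "patched": [], "unknown": []}
    for line in inventory.splitlines():
        if not line.strip():
            continue
        serial, patch = line.split("\t", 1)
        verdict = is_vulnerable(patch)
        key = "unknown" if verdict is None else ("vulnerable" if verdict else "patched")
        buckets[key].append(serial.strip())
    return buckets


if __name__ == "__main__":
    for bucket, serials in triage(SAMPLE_INVENTORY).items():
        print(f"{bucket}: {', '.join(serials) or '-'}")
```

Reading the property over ADB requires Developer options and ADB debugging to be enabled on the watch, which itself widens the local attack surface this CVE sits in; prefer the MDM export where one exists, and switch debugging off again after a manual inventory pass.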

📡 Detection & Monitoring

Log Indicators:

  • Unexpected configuration reset events
  • Multiple configuration changes in short time period

Network Indicators:

  • None - this is a local attack

SIEM Query:

Alert on configuration reset events from a watch outside scheduled maintenance windows, and on several configuration changes from the same device within a few minutes; both patterns stand out because legitimate resets are rare and user-driven.
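The two log indicators and the SIEM guidance above, as an added example that is not part of this page: the advisory does not say how a configuration reset appears in any real log source, so the event format (`<ISO timestamp> <serial> <action>`), the 02:00 to 04:00 maintenance window and the three-events-in-five-minutes burst threshold are all assumptions to be replaced with your own MDM or EMM feed and policy. The sample events are constructed.

```python
"""Detect configuration resets outside a maintenance window and bursts of
configuration changes per device.

Added example; the advisory specifies no log format, so everything about the
input is an assumption: one event per line, "<ISO timestamp> <serial> <action>",
with actions "config_reset" / "config_change" for the events of interest and
anything else (e.g. "heartbeat") ignored.
"""
from __future__ import annotations

from collections import defaultdict
from dataclasses import dataclass
from datetime import datetime, time, timedelta


@dataclass(frozen=True)
class Event:
    ts: datetime
    device: str
    action: str


# Assumptions: maintenance window 02:00-04:00 local time; a "burst" is
# BURST_THRESHOLD config events from one device inside BURST_WINDOW.
MAINT_START, MAINT_END = time(2, 0), time(4, 0)
BURST_WINDOW = timedelta(minutes=5)
BURST_THRESHOLD = 3


def parse_line(line: str) -> Event:
    """Parse the constructed '<ISO timestamp> <serial> <action>' format."""
    ts, device, action = line.split(maxsplit=2)
    return Event(datetime.fromisoformat(ts), device, action.strip())


def in_maintenance_window(ts: datetime) -> bool:
    return MAINT_START <= ts.time() < MAINT_END


def find_alerts(lines: list[str]) -> list[str]:
    """Return one alert string per finding, in time order.

    Two detections: (1) a config_reset outside the maintenance window,
    (2) BURST_THRESHOLD config_* events from one device within BURST_WINDOW,
    using a per-device sliding window over sorted timestamps.
    """
    events = sorted((parse_line(l) for l in lines if l.strip()), key=lambda e: e.ts)
    alerts: list[str] = []
    recent_by_device: dict[str, list[datetime]] = defaultdict(list)

    for ev in events:
        if not ev.action.startswith("config_"):
            continue  # heartbeats and other noise do not count

        if ev.action == "config_reset" and not in_maintenance_window(ev.ts):
            alerts.append(
                f"{ev.device}: reset at {ev.ts.isoformat()} outside maintenance window"
            )

        recent = recent_by_device[ev.device]
        recent.append(ev.ts)
        while recent and ev.ts - recent[0] > BURST_WINDOW:
            recent.pop(0)  # drop events that fell out of the window
        if len(recent) == BURST_THRESHOLD:
            alerts.append(
                f"{ev.device}: {BURST_THRESHOLD} config events within "
                f"{BURST_WINDOW} ending {ev.ts.isoformat()}"
            )
    return alerts


# Constructed sample: one in-window reset (benign), one out-of-window reset
# followed by a burst, one device with slow, spread-out changes (benign).
SAMPLE_LOG = """\
2025-07-10T03:10:00 WATCH-A config_reset
2025-07-10T09:00:00 WATCH-B config_reset
2025-07-10T09:01:00 WATCH-B config_change
2025-07-10T09:02:00 WATCH-B heartbeat
2025-07-10T09:03:00 WATCH-B config_change
2025-07-10T14:00:00 WATCH-C config_change
2025-07-10T14:30:00 WATCH-C config_change
"""

if __name__ == "__main__":
    for alert in find_alerts(SAMPLE_LOG.splitlines()):
        print(alert)
```

The burst rule fires once, when the window first reaches the threshold, rather than on every subsequent event, so a single runaway device produces one alert per burst instead of a flood; tune the window and threshold to how often your users legitimately change settings.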

🔗 References

  • Samsung Mobile Security Update, July 2025 (SMR Jul-2025 Release 1): https://security.samsungmobile.com/securityUpdate.smsb?year=2025&month=07