CVE-2025-20970
First published: Wed May 07 2025(Updated: )
Improper access control in Bixby Vision prior to version 3.8.1 in Android 13, 3.8.3 in Android 14, 3.8.21 in Android 15 allows local attackers to access image files with Bixby Vision privilege.
Credit: mobile.security@samsung.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Samsung Bixby Vision | <3.8.1<3.8.3<3.8.21 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Frequently Asked Questions
What is the severity of CVE-2025-20970?
CVE-2025-20970 has been classified as a moderate severity vulnerability due to improper access controls.
How do I fix CVE-2025-20970?
To mitigate CVE-2025-20970, users should update Bixby Vision to version 3.8.1 or later for Android 13, 3.8.3 or later for Android 14, and 3.8.21 or later for Android 15.
Who is affected by CVE-2025-20970?
Users of Bixby Vision versions prior to 3.8.1 on Android 13, 3.8.3 on Android 14, and 3.8.21 on Android 15 are affected by CVE-2025-20970.
What type of attack does CVE-2025-20970 enable?
CVE-2025-20970 enables local attackers to access private image files through Bixby Vision privileges.
What software is impacted by CVE-2025-20970?
CVE-2025-20970 specifically impacts Samsung Bixby Vision versions prior to 3.8.1, 3.8.3, and 3.8.21 depending on the Android version.
- collector/mitre-cve
- source/MITRE
- agent/weakness
- agent/references
- agent/first-publish-date
- agent/description
- agent/type
- agent/guess-ai
- agent/software-canonical-lookup
- agent/softwarecombine
- collector/nvd-api
- source/NVD
- agent/last-modified-date
- agent/author
- agent/source
- agent/tags
- agent/severity
- agent/event
- vendor/samsung
- canonical/samsung bixby vision