CVE-2025-20977
First published: Wed May 07 2025(Updated: )
Use of implicit intent for sensitive communication in translation in Samsung Notes prior to version 4.4.29.23 allows local attackers to get sensitive information. User interaction is required for triggering this vulnerability.
Credit: mobile.security@samsung.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Samsung Notes | <4.4.29.23 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Frequently Asked Questions
What is the severity of CVE-2025-20977?
CVE-2025-20977 is considered a moderate severity vulnerability due to its requirement for user interaction and potential exposure of sensitive information.
How do I fix CVE-2025-20977?
To fix CVE-2025-20977, update Samsung Notes to version 4.4.29.23 or later.
What type of attack does CVE-2025-20977 enable?
CVE-2025-20977 enables local attackers to gain access to sensitive information through the use of implicit intents.
Is user interaction needed to exploit CVE-2025-20977?
Yes, user interaction is required to trigger the exploitation of CVE-2025-20977.
Which versions of Samsung Notes are affected by CVE-2025-20977?
Samsung Notes versions prior to 4.4.29.23 are affected by CVE-2025-20977.
- collector/mitre-cve
- source/MITRE
- agent/weakness
- agent/references
- agent/first-publish-date
- agent/description
- agent/type
- agent/guess-ai
- agent/software-canonical-lookup
- agent/softwarecombine
- collector/nvd-api
- source/NVD
- agent/last-modified-date
- agent/author
- agent/source
- agent/tags
- agent/severity
- agent/event
- vendor/samsung
- canonical/samsung notes