CVE-2025-20895

CVSS 3.1 Score 3.2 of 10 (low)

Details

Published Feb 4, 2025

Summary

CVE-2025-20895 is a vulnerability affecting the Galaxy Store prior to version 4.5.87.6. This issue permits physical attackers to bypass authentication and install unauthorized applications, disregarding setup wizard restrictions. An attacker can exploit this authentication bypass through an alternate path, enabling them to circumvent the Galaxy Store's security measures and introduce malicious software. This vulnerability poses a significant risk to users, allowing potential attackers to gain unauthorized access and compromise devices.

Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.

Galaxy Store

Advisories, Assessments, and Mitigations

https://app.recordedfuture.com/live/sc/entity/2Qarcm
https://www.cve.org/CVERecord?id=CVE-2025-20895
https://nvd.nist.gov/vuln/detail/CVE-2025-20895

Back to Vulnerability Database

CVE-2025-20895

CVSS 3.1 Score 3.2 of 10 (low)

Details

Summary

Affected Products

Advisories, Assessments, and Mitigations