CVE-2025-20904

CVSS 3.1 Score 6.7 of 10 (medium)

Details

Published Feb 4, 2025

Updated: Feb 12, 2025

CWE ID 787

Summary

CVE-2025-20904 is a newly disclosed vulnerability affecting the mPOS TUI trustlet. This issue permits local privileged attackers to manipulate memory beyond its intended boundaries, resulting in corruption. Prior to the SMR Feb-2025 Release 1, this vulnerability was present, leaving mPOS systems susceptible to exploitation. The out-of-bounds write condition can be exploited to execute arbitrary code, potentially compromise sensitive data, and disrupt the normal functioning of the mPOS system.

Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.

Samsung Android

Affected Vendors

Samsung

Advisories, Assessments, and Mitigations

https://app.recordedfuture.com/live/sc/entity/3C_T1o
https://www.cve.org/CVERecord?id=CVE-2025-20904
https://nvd.nist.gov/vuln/detail/CVE-2025-20904

Back to Vulnerability Database