CVE-2025-20897
Description
Improper access control in Secure Folder prior to version 1.9.20.50 in Android 14, 1.8.11.0 in Android 13, and 1.7.04.0 in Android 12 allows a local attacker to access data in Secure Folder.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Improper access control in Samsung Secure Folder allows a local attacker to access protected data on Android 12-14.
Vulnerability
CVE-2025-20897 is an improper access control vulnerability in Samsung's Secure Folder application. The issue affects versions prior to 1.9.20.50 on Android 14, 1.8.11.0 on Android 13, and 1.7.04.0 on Android 12 [1]. This flaw allows a local attacker to bypass the intended access restrictions of the Secure Folder, which is designed to provide a protected, encrypted space for user data.
Exploitation
A local attacker with access to the device can exploit this vulnerability to access data stored within the Secure Folder. The attack requires local access, meaning the attacker must have physical or remote interactive access to the unlocked device. The precise attack vector is not detailed in the description, but it stems from inadequate enforcement of access controls within the Secure Folder software.
Impact
Successful exploitation enables the attacker to read, modify, or exfiltrate data that the user intended to keep private within the Secure Folder. This could include personal photos, documents, financial information, or other sensitive files. The vulnerability undermines the core purpose of the Secure Folder, which is to isolate and protect sensitive data from other apps and unauthorized users.
Mitigation
Samsung has released patched versions of Secure Folder: 1.9.20.50 for Android 14, 1.8.11.0 for Android 13, and 1.7.04.0 for Android 12. Users are advised to update the Secure Folder application through the Galaxy Store or Google Play Store to mitigate this risk [1].
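To check a device inventory against the fixed versions listed above, the following added example (not part of the advisory or any Samsung tooling) classifies each device by its Android major release and installed Secure Folder version. The inventory rows and device names are constructed, and how the versions are collected (MDM export, manual check) is left as an assumption.

```python
import re

# Fixed Secure Folder versions per Android major release, taken from the text above.
FIXED = {14: "1.9.20.50", 13: "1.8.11.0", 12: "1.7.04.0"}

def parse_version(text):
    """Split a dotted version into integers so '1.7.04.0' compares numerically."""
    text = text.strip()
    if not re.fullmatch(r"\d+(\.\d+)*", text):
        raise ValueError(f"unparseable version: {text!r}")
    return tuple(int(part) for part in text.split("."))

def pad(a, b):
    """Right-pad the shorter tuple with zeros so '1.8.11' equals '1.8.11.0'."""
    width = max(len(a), len(b))
    return a + (0,) * (width - len(a)), b + (0,) * (width - len(b))

def classify(android_major, secure_folder_version):
    """Return 'affected', 'fixed', or 'unknown' for one device.

    'unknown' covers Android releases the advisory does not list and version
    strings that cannot be parsed; those need manual review, not a pass.
    """
    fixed = FIXED.get(android_major)
    if fixed is None:
        return "unknown"
    try:
        installed = parse_version(secure_folder_version)
    except ValueError:
        return "unknown"
    installed, threshold = pad(installed, parse_version(fixed))
    return "affected" if installed < threshold else "fixed"

# Constructed inventory rows: (device name, Android major, Secure Folder version).
INVENTORY = [
    ("device-a", 14, "1.9.20.50"),
    ("device-b", 14, "1.9.10.27"),
    ("device-c", 13, "1.8.11"),
    ("device-d", 12, "1.7.4.0"),
    ("device-e", 12, "1.7.03.9"),
    ("device-f", 11, "1.6.00.1"),
    ("device-g", 13, "n/a"),
]

def triage(inventory):
    """Map each device name to its classification."""
    return {name: classify(major, ver) for name, major, ver in inventory}

if __name__ == "__main__":
    for name, status in triage(INVENTORY).items():
        print(f"{name}: {status}")
```

Devices reported as unknown fall outside the ranges the advisory states and should be reviewed by hand.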
AI Insight generated on May 20, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
Affected products
Range: <1.9.20.50 (Android 14), <1.8.11.0 (Android 13), <1.7.04.0 (Android 12)
Patches
No patches discovered yet.
References
News mentions
No linked articles in our index yet.