CVE-2025-20973
Description
Improper authentication in Secure Folder prior to version 1.8.12.0 in Android 13, and 1.9.21.00 in Android 14 allows physical attackers to reset the lock type of Secure Folder.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Physical attackers can reset Secure Folder lock type on Samsung devices running Android 13 (pre-1.8.12.0) or Android 14 (pre-1.9.21.00).
Root Cause
The vulnerability resides in the Secure Folder component on Samsung Android devices. Prior to versions 1.8.12.0 (Android 13) and 1.9.21.00 (Android 14), the application does not properly enforce authentication when a lock-type reset is initiated by someone with physical access to the device. The flaw is categorized as an improper authentication weakness: the reset mechanism can be invoked without verifying the current lock credentials [1].
Exploitation
Exploitation requires physical access to the unlocked device (screen must be on and the user session active). The attacker interacts with the Secure Folder settings interface to trigger the lock type reset. No additional authentication or authorization checks are performed, enabling the adversary to bypass the intended security boundary [1].
Impact
A successful attack permits an adversary to change the Secure Folder lock type (e.g., from PIN to pattern, or to disable the lock) without presenting the original credentials. This compromises the confidentiality of data stored within the Secure Folder, as the attacker can then access the protected content arbitrarily [1].
Mitigation
Samsung has addressed the issue in Secure Folder version 1.8.12.0 for Android 13 and 1.9.21.00 for Android 14. Users should update the Secure Folder app through the Galaxy Store or Samsung settings to apply the fix [1].
AI Insight generated on May 20, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
Affected products
- Range: <1.8.12.0 (Android 13) and <1.9.21.00 (Android 14)
Patches
No patches discovered yet.
References