Unrated severity · NVD Advisory · Published Dec 2, 2025 · Updated Dec 2, 2025
CVE-2025-58486
Description
Improper input validation in Samsung Account prior to version 15.5.01.1 allows a local attacker to execute arbitrary script.
Affected products
- Range: < 15.5.01.1
- Samsung Mobile/Samsung Account · v5 · Range: 15.5.01.1
Patches
No patches discovered yet.
References
News mentions
- ZDI-26-224: (Pwn2Own) Samsung Galaxy S25 Samsung Account Cross-Site Scripting Remote Code Execution Vulnerability · Zero Day Initiative · Mar 23, 2026