Unrated severityNVD Advisory· Published Dec 2, 2025· Updated Dec 2, 2025

CVE-2025-58487

Description

Improper authorization in Samsung Account prior to version 15.5.01.1 allows local attacker to launch arbitrary activity with Samsung Account privilege.

Affected products

Samsung Mobile/Samsung Account Appllm-fuzzy
Range: < 15.5.01.1
Samsung Mobile/Samsung Accountv5
Range: 15.5.01.1

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

security.samsungmobile.com/serviceWeb.smsbmitre

News mentions

ZDI-26-225: (Pwn2Own) Samsung Galaxy S25 Samsung Account Open Redirect Security Bypass Vulnerability
Zero Day Initiative · Mar 23, 2026

cvss	0.000
epss	0.000
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000