Secure Folder
CVEs (12)
| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2025-20897 | Med | 0.44 | 6.8 | 0.00 | Feb 4, 2025 | Improper access control in Secure Folder prior to version 1.9.20.50 in Android 14, 1.8.11.0 in Android 13, and 1.7.04.0 in Android 12 allows local attacker to access data in Secure Folder. | ||
| CVE-2025-20973 | Med | 0.35 | 5.4 | 0.00 | May 7, 2025 | Improper authentication in Secure Folder prior to version 1.8.12.0 in Android 13, and 1.9.21.00 in Android 14 allows physical attackers to reset the lock type of Secure Folder. | ||
| CVE-2026-20990 | 0.00 | — | 0.00 | Mar 16, 2026 | Improper export of android application components in Secure Folder prior to SMR Mar-2026 Release 1 allows local attackers to launch arbitrary activity with Secure Folder privilege. | |||
| CVE-2025-21041 | 0.00 | — | 0.00 | Sep 3, 2025 | Insecure Storage of Sensitive Information in Secure Folder prior to Android 16 allows local attackers to access sensitive information. | |||
| CVE-2024-20894 | 0.00 | — | 0.00 | Jul 2, 2024 | Improper handling of exceptional conditions in Secure Folder prior to SMR Jul-2024 Release 1 allows physical attackers to bypass authentication under certain condition. User interaction is required for triggering this vulnerability. | |||
| CVE-2023-21419 | 0.00 | — | 0.00 | Feb 9, 2023 | An improper implementation logic in Secure Folder prior to SMR Jan-2023 Release 1 allows the Secure Folder container remain unlocked under certain condition. | |||
| CVE-2020-26606 | 0.00 | — | 0.00 | Oct 6, 2020 | An issue was discovered on Samsung mobile devices with O(8.x), P(9.0), Q(10.0), and R(11.0) software. An attacker can access certain Secure Folder content via a debugging command. The Samsung ID is SVE-2020-18673 (October 2020). | |||
| CVE-2020-13834 | 0.00 | — | 0.00 | Jun 4, 2020 | An issue was discovered on Samsung mobile devices with O(8.x), P(9.0), and Q(10.0) (with TEEGRIS) software. Secure Folder does not properly restrict use of Android Debug Bridge (adb) for arbitrary installations. The Samsung ID is SVE-2020-17369 (June 2020). | |||
| CVE-2018-21068 | 0.00 | — | 0.00 | Apr 8, 2020 | An issue was discovered on Samsung mobile devices with O(8.0) software. Execution of an application in a locked Secure Folder can occur without a password via a split screen. The Samsung ID is SVE-2018-11669 (July 2018). | |||
| CVE-2018-21038 | 0.00 | — | 0.00 | Apr 8, 2020 | An issue was discovered on Samsung mobile devices with N(7.x) software. The Secure Folder app's startup logic allows authentication bypass. The Samsung ID is SVE-2018-11628 (December 2018). | |||
| CVE-2019-20617 | 0.00 | — | 0.00 | Mar 24, 2020 | An issue was discovered on Samsung mobile devices with P(9.0) software. Secure Folder leaks preview data of recent apps. The Samsung ID is SVE-2018-13764 (March 2019). | |||
| CVE-2018-9142 | 0.00 | — | 0.00 | Mar 30, 2018 | On Samsung mobile devices with N(7.x) software, attackers can install an arbitrary APK in the Secure Folder SD Card area because of faulty validation of a package signature and package name, aka SVE-2017-10932. |
- risk 0.44cvss 6.8epss 0.00
Improper access control in Secure Folder prior to version 1.9.20.50 in Android 14, 1.8.11.0 in Android 13, and 1.7.04.0 in Android 12 allows local attacker to access data in Secure Folder.
- risk 0.35cvss 5.4epss 0.00
Improper authentication in Secure Folder prior to version 1.8.12.0 in Android 13, and 1.9.21.00 in Android 14 allows physical attackers to reset the lock type of Secure Folder.
- CVE-2026-20990Mar 16, 2026risk 0.00cvss —epss 0.00
Improper export of android application components in Secure Folder prior to SMR Mar-2026 Release 1 allows local attackers to launch arbitrary activity with Secure Folder privilege.
- CVE-2025-21041Sep 3, 2025risk 0.00cvss —epss 0.00
Insecure Storage of Sensitive Information in Secure Folder prior to Android 16 allows local attackers to access sensitive information.
- CVE-2024-20894Jul 2, 2024risk 0.00cvss —epss 0.00
Improper handling of exceptional conditions in Secure Folder prior to SMR Jul-2024 Release 1 allows physical attackers to bypass authentication under certain condition. User interaction is required for triggering this vulnerability.
- CVE-2023-21419Feb 9, 2023risk 0.00cvss —epss 0.00
An improper implementation logic in Secure Folder prior to SMR Jan-2023 Release 1 allows the Secure Folder container remain unlocked under certain condition.
- CVE-2020-26606Oct 6, 2020risk 0.00cvss —epss 0.00
An issue was discovered on Samsung mobile devices with O(8.x), P(9.0), Q(10.0), and R(11.0) software. An attacker can access certain Secure Folder content via a debugging command. The Samsung ID is SVE-2020-18673 (October 2020).
- CVE-2020-13834Jun 4, 2020risk 0.00cvss —epss 0.00
An issue was discovered on Samsung mobile devices with O(8.x), P(9.0), and Q(10.0) (with TEEGRIS) software. Secure Folder does not properly restrict use of Android Debug Bridge (adb) for arbitrary installations. The Samsung ID is SVE-2020-17369 (June 2020).
- CVE-2018-21068Apr 8, 2020risk 0.00cvss —epss 0.00
An issue was discovered on Samsung mobile devices with O(8.0) software. Execution of an application in a locked Secure Folder can occur without a password via a split screen. The Samsung ID is SVE-2018-11669 (July 2018).
- CVE-2018-21038Apr 8, 2020risk 0.00cvss —epss 0.00
An issue was discovered on Samsung mobile devices with N(7.x) software. The Secure Folder app's startup logic allows authentication bypass. The Samsung ID is SVE-2018-11628 (December 2018).
- CVE-2019-20617Mar 24, 2020risk 0.00cvss —epss 0.00
An issue was discovered on Samsung mobile devices with P(9.0) software. Secure Folder leaks preview data of recent apps. The Samsung ID is SVE-2018-13764 (March 2019).
- CVE-2018-9142Mar 30, 2018risk 0.00cvss —epss 0.00
On Samsung mobile devices with N(7.x) software, attackers can install an arbitrary APK in the Secure Folder SD Card area because of faulty validation of a package signature and package name, aka SVE-2017-10932.