VYPR
Published Mar 23, 2026 · Updated May 18, 2026 · 1 source

Pwn2Own Discovery: Samsung Galaxy S25 Samsung Account Open Redirect Vulnerability (CVE-2025-58487)

A vulnerability in the redirect handling of the Samsung Account app on the Samsung Galaxy S25 could allow attackers to launch arbitrary Android activities; it was discovered and disclosed through the Pwn2Own competition.

A security vulnerability in the redirect handling of the Samsung Account application on the Samsung Galaxy S25 has been disclosed, potentially allowing attackers to bypass security restrictions and launch arbitrary Android activities. The flaw, identified as CVE-2025-58487, was discovered and reported through the Pwn2Own hacking competition and detailed in an advisory published by the Zero Day Initiative (ZDI) on March 23, 2026.

The vulnerability resides in the Samsung Account application, a pre-installed component on the Galaxy S25 that manages user authentication and cloud services. According to the ZDI advisory, the specific flaw is an open redirect: the app forwards the user to a destination taken from the incoming link without adequately validating it. An unauthenticated, remote attacker can exploit this by tricking a user into clicking a specially crafted link, which causes the Samsung Account app to redirect the device's browser to a site controlled by the attacker.

While an open redirect might seem limited, the ZDI advisory warns that the impact is more severe in the Android context. The advisory notes that an attacker can leverage this vulnerability to start arbitrary exported Android activities, that is, app components that are declared as reachable from outside their own app. The redirect can therefore serve as a stepping stone to launch other apps or components on the device without proper authorization, potentially leading to data theft, credential harvesting, or further compromise of the device.
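The defensive point behind the two paragraphs above is that a redirect target supplied by an incoming link must be validated before the app acts on it. The following is an added, constructed example and not Samsung's code or anything taken from the ZDI advisory: it contrasts a weak check that accepts any parseable target with a hardened check that requires an absolute https URL, rejects embedded credentials, and only accepts hosts on an allowlist. The host names (`account.example.com`, `attacker.example`) and the sample link values are placeholders chosen for illustration; in a real Android app the same rules would typically be applied to an `android.net.Uri`, but plain `java.net.URI` is used here so the class compiles without the Android SDK.

```java
import java.net.URI;
import java.net.URISyntaxException;
import java.util.Locale;
import java.util.Set;

/**
 * Constructed illustration of redirect-target validation for an account app.
 * Not Samsung's code; all host names and sample links are placeholders.
 */
public class RedirectGuard {

    // Hypothetical allowlist: the only hosts the login flow may send the browser to.
    private static final Set<String> ALLOWED_HOSTS =
            Set.of("account.example.com", "www.example.com");

    /**
     * Weak pattern: the target is accepted as long as it parses as a URI.
     * Any scheme the browser or the platform can handle is reachable from here,
     * so the redirect endpoint becomes a launcher for whatever the link names.
     */
    static boolean weakAccept(String target) {
        try {
            new URI(target);
            return true;
        } catch (URISyntaxException e) {
            return false;
        }
    }

    /**
     * Hardened pattern: absolute URL, https only, no user-info component,
     * and the host must be on the allowlist. Non-web schemes and
     * scheme-relative ("//host/...") targets are rejected outright.
     */
    static boolean hardenedAccept(String target) {
        final URI uri;
        try {
            uri = new URI(target);
        } catch (URISyntaxException e) {
            return false;
        }
        if (!uri.isAbsolute()) {
            return false;                       // "//attacker.example/..." has no scheme
        }
        if (!"https".equalsIgnoreCase(uri.getScheme())) {
            return false;                       // rejects http:, javascript:, intent:, custom schemes
        }
        if (uri.getRawUserInfo() != null) {
            return false;                       // "https://trusted@attacker.example/" spoofs the host
        }
        String host = uri.getHost();
        if (host == null) {
            return false;                       // opaque or malformed authority
        }
        return ALLOWED_HOSTS.contains(host.toLowerCase(Locale.ROOT));
    }

    public static void main(String[] args) {
        // Constructed sample targets: one legitimate callback and several that a
        // validator must refuse. Only the first should pass the hardened check.
        String[] samples = {
            "https://account.example.com/callback?code=PLACEHOLDER",
            "http://account.example.com/callback",
            "https://attacker.example/login",
            "//attacker.example/login",
            "https://account.example.com@attacker.example/",
            "javascript:void(0)",
            "customscheme://some/path",
        };
        for (String s : samples) {
            System.out.printf("%-52s weak=%-5b hardened=%b%n",
                    s, weakAccept(s), hardenedAccept(s));
        }
    }
}
```

When run, every sample passes `weakAccept`, while only the first passes `hardenedAccept`. The allowlist-on-host check is what closes the open-redirect class; the scheme and user-info checks are the parts that matter most on a mobile platform, where a permissive redirect can hand the browser something other than an ordinary web page.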

The vulnerability was discovered by researchers Ken Gannon and Dimitrios Valsamaras, who demonstrated the exploit at the Pwn2Own competition. The flaw carries a CVSS score of 5.6, indicating a medium severity level. The score reflects the relatively high attack complexity (user interaction is required), while also accounting for the fact that no authentication is needed and that the ability to launch arbitrary activities broadens the attack surface.

Samsung has responded to the disclosure by issuing a security update to address the vulnerability. The update is part of Samsung's monthly maintenance release for December 2025, as detailed on the Samsung Mobile Security portal. Users of the Galaxy S25 are strongly advised to ensure their device is running the latest security patch level to mitigate the risk.

The coordinated disclosure timeline shows that the vulnerability was reported to Samsung on November 20, 2025, with the public advisory and patch release occurring on March 23, 2026. This four-month window allowed Samsung to develop and test the fix before the details were made public, the standard practice in responsible disclosure for protecting users from exploitation of a flaw that is known but not yet fixed.

Synthesized by Vypr AI