CVE-2025-58483

Published Dec 2, 2025

Last updated 3 months ago

CVSS medium 5.9

Overview

Description
Improper export of android application components in Galaxy Store for Galaxy Watch prior to version 1.0.06.29 allows local attacker to install arbitrary application on Galaxy Store.
Source
mobile.security@samsung.com
NVD status
Analyzed
Products
galaxy_store

Risk scores

CVSS 3.1

Type
Primary
Base score
3.3
Impact score
1.4
Exploitability score
1.8
Vector string
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N
Severity
LOW

Weaknesses

nvd@nist.gov
NVD-CWE-Other

Social media

Hype score
Not currently trending

  1. CVE-2025-58483 Improper export of android application components in Galaxy Store for Galaxy Watch prior to version 1.0.06.29 allows local attacker to install arbitrary application o… https://t.co/lVsdMcuS5I

    @CVEnew

    2 Dec 2025

    222 Impressions

    1 Retweet

    1 Like

    0 Bookmarks

    0 Replies

    0 Quotes

Configurations

Related CVEs

  1. Improper input validation in Galaxy Store prior to version 4.6.02 allows local attacker to execute arbitrary script.CVE-2026-20976
  2. Improper Access Control vulnerability in Galaxy Store prior to version 4.5.53.6 allows local attacker to access protected data using exported service.CVE-2023-21483
  3. Improper verification of intent by broadcast receiver vulnerability in Galaxy Store prior to version 4.5.90.7 allows local attackers to write arbitrary files with the privilege of Galaxy Store.CVE-2025-20951
  4. Authentication Bypass Using an Alternate Path in Galaxy Store prior to version 4.5.87.6 allows physical attackers to install arbitrary applications to bypass restrictions of Setupwizard.CVE-2025-20895
  5. Improper verification of intent by broadcast receiver vulnerability in GalaxyStore prior to version 4.5.81.0 allows local attackers to launch unexported activities of GalaxyStore.CVE-2024-34601

References

Sources include official advisories and independent security research.