AI description
CVE-2025-58486 is an improper input validation flaw in Samsung Account, the account app on Samsung Galaxy devices, affecting versions before 15.5.01.1. A local attacker, meaning code already running on the device with low privileges and no user interaction (PR:L, UI:N), can cause the app to execute arbitrary script in its own context. NVD scores it CVSS 3.1 5.5 (Medium) with vector AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N: high integrity impact, no confidentiality or availability impact, scope unchanged. The bug was demonstrated against a Galaxy S25 at Pwn2Own and is tracked by ZDI as ZDI-26-224, which describes it as a cross-site scripting issue in Samsung Account leading to code execution and rates it 6.3 under ZDI's own assessment; it is credited to Ken Gannon (@yogehi) of Mobile Hacking Lab and Dimitrios Valsamaras (@Ch0pin). The CVE was assigned through Samsung's CNA (mobile.security@samsung.com) and the fix ships in Samsung Account 15.5.01.1, so the remediation is to update to that version or later.
- Description
- Improper input validation in Samsung Account prior to version 15.5.01.1 allows local attacker to execute arbitrary script.
- Source
- mobile.security@samsung.com
- NVD status
- Analyzed
- Products
- account
CVSS 3.1
- Type
- Primary
- Base score
- 5.5
- Impact score
- 3.6
- Exploitability score
- 1.8
- Vector string
- CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N
- Severity
- MEDIUM
- Hype score
- Not currently trending
[ZDI-26-224|CVE-2025-58486] (Pwn2Own) Samsung Galaxy S25 Samsung Account Cross-Site Scripting Remote Code Execution Vulnerability (CVSS 6.3; Credit: Ken Gannon / 伊藤 剣 (@yogehi) of Mobile Hacking Lab, and Dimitrios Valsamaras (@Ch0pin)) https://t.co/LaoqkjQTe5
@TheZDIBugs
27 Mar 2026
CVE-2025-58486 Improper input validation in Samsung Account prior to version 15.5.01.1 allows local attacker to execute arbitrary script. https://t.co/TaCsMok8rI
@CVEnew
2 Dec 2025
[
  {
    "nodes": [
      {
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:a:samsung:account:*:*:*:*:*:*:*:*",
            "matchCriteriaId": "ADCF1AE1-0682-4C36-AB63-0A6B114BA75E",
            "versionEndExcluding": "15.5.01.1",
            "vulnerable": true
          }
        ],
        "negate": false,
        "operator": "OR"
      }
    ]
  }
]
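The configuration above says any Samsung Account version strictly below 15.5.01.1 is affected. The Python below is an added example, not code from the page or from NVD, that evaluates an NVD "configurations" array against an installed vendor/product/version and extracts the version from `dumpsys package` output. It handles the general node structure (AND/OR operators, negate, children, the four versionStart/End bounds and an explicit version in the CPE criteria), not just this CVE's single OR node, and it compares version components numerically so that "15.5.01.1" and "15.5.1.1" are treated as equal. The package name `com.osp.app.signin` and the dumpsys excerpt are assumptions constructed for the example.

```python
import json
import re
from typing import Optional

# NVD "configurations" entry for CVE-2025-58486, as shown on this page.
NVD_CONFIGURATIONS = json.loads("""
[
  {
    "nodes": [
      {
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:a:samsung:account:*:*:*:*:*:*:*:*",
            "matchCriteriaId": "ADCF1AE1-0682-4C36-AB63-0A6B114BA75E",
            "versionEndExcluding": "15.5.01.1",
            "vulnerable": true
          }
        ],
        "negate": false,
        "operator": "OR"
      }
    ]
  }
]
""")

# Constructed sample of `adb shell dumpsys package com.osp.app.signin` output.
# The package name and versionCode are assumptions for this example.
SAMPLE_DUMPSYS = """Package [com.osp.app.signin] (1a2b3c4):
    userId=10087
    versionCode=155011100 minSdk=29 targetSdk=35
    versionName=15.5.01.1
"""


def parse_version(version: str) -> tuple:
    """Split a dotted version into comparable components. Numeric parts compare
    as integers (so '01' == '1'); non-numeric parts sort after numeric ones."""
    return tuple((0, int(p)) if p.isdigit() else (1, p) for p in version.split("."))


def cpe_match_applies(match: dict, vendor: str, product: str, version: str) -> bool:
    """True if this cpeMatch entry covers the given vendor/product/version."""
    _, _, _, m_vendor, m_product, m_version = match["criteria"].split(":")[:6]
    if m_vendor not in ("*", vendor) or m_product not in ("*", product):
        return False
    v = parse_version(version)
    if m_version != "*" and parse_version(m_version) != v:
        return False
    bounds = (
        ("versionStartIncluding", lambda b: v >= b),
        ("versionStartExcluding", lambda b: v > b),
        ("versionEndIncluding", lambda b: v <= b),
        ("versionEndExcluding", lambda b: v < b),
    )
    return all(ok(parse_version(match[key])) for key, ok in bounds if key in match)


def node_is_vulnerable(node: dict, vendor: str, product: str, version: str) -> bool:
    """Evaluate one configuration node, recursing into children."""
    results = [m.get("vulnerable", False) and cpe_match_applies(m, vendor, product, version)
               for m in node.get("cpeMatch", [])]
    results += [node_is_vulnerable(c, vendor, product, version)
                for c in node.get("children", [])]
    combined = all(results) if node.get("operator") == "AND" else any(results)
    return (not combined) if node.get("negate") else combined


def is_affected(configurations: list, vendor: str, product: str, version: str) -> bool:
    """True if any top-level node in any configuration marks the version vulnerable."""
    return any(node_is_vulnerable(n, vendor, product, version)
               for cfg in configurations for n in cfg.get("nodes", []))


def version_from_dumpsys(dumpsys_output: str) -> Optional[str]:
    """Pull the first versionName= value out of `dumpsys package` text."""
    m = re.search(r"^\s*versionName=(\S+)", dumpsys_output, re.MULTILINE)
    return m.group(1) if m else None


if __name__ == "__main__":
    installed = version_from_dumpsys(SAMPLE_DUMPSYS)
    print("installed:", installed,
          "affected:", is_affected(NVD_CONFIGURATIONS, "samsung", "account", installed))
```

On a real device, feed the output of `adb shell dumpsys package <package>` to `version_from_dumpsys`; the constructed sample resolves to 15.5.01.1 and is reported as not affected, while anything below, e.g. 15.5.00.9 or any 14.x build, is.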