CVE-2025-58486

Published Dec 2, 2025

Last updated 3 months ago

CVSS medium 4.0

Overview

Description
Improper input validation in Samsung Account prior to version 15.5.01.1 allows local attacker to execute arbitrary script.
Source
mobile.security@samsung.com
NVD status
Analyzed
Products
account

Risk scores

CVSS 3.1

Type
Primary
Base score
5.5
Impact score
3.6
Exploitability score
1.8
Vector string
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N
Severity
MEDIUM

Weaknesses

nvd@nist.gov
NVD-CWE-noinfo

Social media

Hype score
Not currently trending

  1. CVE-2025-58486 Improper input validation in Samsung Account prior to version 15.5.01.1 allows local attacker to execute arbitrary script. https://t.co/TaCsMok8rI

    @CVEnew

    2 Dec 2025

    201 Impressions

    1 Retweet

    2 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

Configurations

Related CVEs

  1. Improper neutralization of input during web page generation ('cross-site scripting') in Microsoft Account allows an unauthorized attacker to perform spoofing over a network.CVE-2026-21264
  2. Improper authorization in Samsung Account prior to version 15.5.01.1 allows local attacker to launch arbitrary activity with Samsung Account privilege.CVE-2025-58487
  3. Improper handling of insufficient permissions or privileges in Samsung Account prior to version 15.5.00.18 allows local attackers to access data in Samsung Account. User interaction is required for triggering this vulnerability.CVE-2025-21076
  4. Improper URL input validation vulnerability in Samsung Account application prior to version 14.1.0.0 allows remote attackers to get sensitive information.CVE-2023-21481
  5. Missing authorization in Microsoft Account allows an unauthorized attacker to elevate privileges over a network.CVE-2025-21396

References

Sources include official advisories and independent security research.