CVE-2025-58487

Published Dec 2, 2025

Last updated 5 months ago

CVSS medium 4.0

Overview

AI description

Automated description summarized from trusted sources.

CVE-2025-58487 describes an improper authorization vulnerability found in Samsung Account versions prior to 15.5.01.1. This flaw enables a local attacker to initiate arbitrary activities using the elevated privileges of the Samsung Account application. The vulnerability stems from inadequate authorization checks within the Samsung Account application, which fails to properly validate permissions before allowing activity launches. This oversight permits unauthorized components to invoke Samsung Account activities with the application's elevated privileges.

Description
Improper authorization in Samsung Account prior to version 15.5.01.1 allows local attacker to launch arbitrary activity with Samsung Account privilege.
Source
mobile.security@samsung.com
NVD status
Analyzed
Products
account

Risk scores

CVSS 3.1

Type
Primary
Base score
3.3
Impact score
1.4
Exploitability score
1.8
Vector string
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N
Severity
LOW

Weaknesses

nvd@nist.gov
NVD-CWE-noinfo

Social media

Hype score
Not currently trending

  1. [ZDI-26-225|CVE-2025-58487] (Pwn2Own) Samsung Galaxy S25 Samsung Account Open Redirect Security Bypass Vulnerability (CVSS 5.6; Credit: Ken Gannon / 伊藤 剣 (@yogehi) of Mobile Hacking Lab, and Dimitrios Valsamaras (@Ch0pin)) https://t.co/STxvHFWXur

    @TheZDIBugs

    27 Mar 2026

    562 Impressions

    0 Retweets

    2 Likes

    2 Bookmarks

    0 Replies

    0 Quotes

  2. CVE-2025-58487 Samsung Account Local Privilege Escalation Prior to Version 15.5.... https://t.co/oq1n7uZC0u Vulnerability Alert Subscriptions: https://t.co/hrQhy5uz4x

    @VulmonFeeds

    2 Dec 2025

    7 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  3. CVE-2025-58487 Improper authorization in Samsung Account prior to version 15.5.01.1 allows local attacker to launch arbitrary activity with Samsung Account privilege. https://t.co/5LL1CawFTY

    @CVEnew

    2 Dec 2025

    149 Impressions

    1 Retweet

    1 Like

    0 Bookmarks

    0 Replies

    0 Quotes

Configurations

Related CVEs

  1. Improper neutralization of input during web page generation ('cross-site scripting') in Microsoft Account allows an unauthorized attacker to perform spoofing over a network.CVE-2026-21264
  2. Improper input validation in Samsung Account prior to version 15.5.01.1 allows local attacker to execute arbitrary script.CVE-2025-58486
  3. Improper handling of insufficient permissions or privileges in Samsung Account prior to version 15.5.00.18 allows local attackers to access data in Samsung Account. User interaction is required for triggering this vulnerability.CVE-2025-21076
  4. Improper URL input validation vulnerability in Samsung Account application prior to version 14.1.0.0 allows remote attackers to get sensitive information.CVE-2023-21481
  5. Missing authorization in Microsoft Account allows an unauthorized attacker to elevate privileges over a network.CVE-2025-21396

References

Sources include official advisories and independent security research.