CVE-2025-20977

{"id": "CVE-2025-20977", "cveTags": [], "metrics": {"cvssMetricV31": [{"type": "Secondary", "source": "mobile.security@samsung.com", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 3.3, "attackVector": "LOCAL", "baseSeverity": "LOW", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N", "integrityImpact": "NONE", "userInteraction": "REQUIRED", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "NONE", "confidentialityImpact": "LOW"}, "impactScore": 1.4, "exploitabilityScore": 1.8}]}, "published": "2025-05-07T09:15:18.330", "references": [{"url": "https://security.samsungmobile.com/serviceWeb.smsb?year=2025&month=05", "tags": ["Vendor Advisory"], "source": "mobile.security@samsung.com"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "NVD-CWE-Other"}]}], "descriptions": [{"lang": "en", "value": "Use of implicit intent for sensitive communication in translation in Samsung Notes prior to version 4.4.29.23 allows local attackers to get sensitive information. User interaction is required for triggering this vulnerability."}, {"lang": "es", "value": "El uso de la intenci\u00f3n impl\u00edcita para la comunicaci\u00f3n confidencial en la traducci\u00f3n de Samsung Notes anteriores a la versi\u00f3n 4.4.29.23 permite a atacantes locales obtener informaci\u00f3n confidencial. Se requiere la interacci\u00f3n del usuario para activar esta vulnerabilidad."}], "lastModified": "2025-07-16T19:33:45.010", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:samsung:notes:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "97A7340B-3478-47D7-AC3A-4D7F12F6C811", "versionEndExcluding": "4.4.26.71"}], "operator": "OR"}]}], "sourceIdentifier": "mobile.security@samsung.com"}