Primary

Context

Samsung SoundPicker Improper Access Control Vulnerability Allowing Cross-Profile Data Access

Vulnerability

A vulnerability exists in the SoundPicker application on Samsung devices running Android 12, 13, or 14, prior to the January 2025 Security Maintenance Release. This vulnerability allows physical attackers to access data across different user profiles due to improper access control. The issue has been addressed in the January 2025 SMR release.

Impact

Exploitation of this vulnerability could lead to unauthorized access to data across multiple user profiles.

Remediation

Users can update to the January 2025 Security Maintenance Release to address this vulnerability.

Added: Sep 1, 2025, 7:22 PM

Updated: Sep 1, 2025, 7:22 PM

Vulnerability Rating

Custom Algorithm

spread

0.0

impact

2.5

exploitability

3.3

remediation

0.0

relevance

0.0

threat

0.0

urgency

2.9

incentive

0.8

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Vulnerability Rating

Custom Algorithm

spread

0.0

impact

2.5

exploitability

3.3

remediation

0.0

relevance

0.0

threat

0.0

urgency

2.9

incentive

0.8

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Samsung SoundPicker Improper Access Control Vulnerability Allowing Cross-Profile Data Access

Vulnerability

Impact

Remediation

Affected Products

CVSS Scores

References

Vulnerability Rating

Vulnerability Rating