Samsung Mobile Fingerprint Trustlet Improper Access Control Vulnerability Allowing Auth Token Retrieval

Vulnerability

A vulnerability exists in the fingerprint trustlet of Samsung Mobile devices running Android versions 13, 14, and 15, prior to the June 2025 Security Maintenance Release. This vulnerability allows local privileged attackers to access an auth_token due to improper access control in the fingerprint trustlet.

Impact

Exploitation of this vulnerability allows local privileged attackers to retrieve an auth_token from the fingerprint trustlet.

Remediation

Users can apply the June 2025 Security Maintenance Release to address this vulnerability.

Added: Sep 1, 2025, 7:22 PM
Updated: Sep 1, 2025, 7:22 PM

Vulnerability Rating

Custom Algorithm

spread: 9.0
impact: 0.0
exploitability: 2.8
remediation: 7.7
relevance: 0.2
threat: 0.0
urgency: 2.9
incentive: 0.8

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.