CVSS: 8.8EPSS: 0%CPEs: 1EXPL: 1CVE-2025-2233 – Samsung SmartThings Improper Verification of Cryptographic Signature Authentication Bypass Vulnerability
https://notcve.org/view.php?id=CVE-2025-2233
11 Mar 2025 — Samsung SmartThings Improper Verification of Cryptographic Signature Authentication Bypass Vulnerability. This vulnerability allows network-adjacent attackers to bypass authentication on affected installations of Samsung SmartThings. Authentication is not required to exploit this vulnerability. The specific flaw exists within the Hub Local API service, which listens on TCP port 8766 by default. The issue results from the lack of proper verification of a cryptographic signature. • https://github.com/McTavishSue/CVE-2025-2233 • CWE-347: Improper Verification of Cryptographic Signature •
CVSS: 5.5EPSS: 0%CPEs: 1EXPL: 0CVE-2025-20933
https://notcve.org/view.php?id=CVE-2025-20933
06 Mar 2025 — Out-of-bounds read in parsing bmp image in Samsung Notes prior to version 4.4.26.71 allows local attackers to read out-of-bounds memory. • https://security.samsungmobile.com/serviceWeb.smsb?year=2025&month=03 •
CVSS: 5.5EPSS: 0%CPEs: 1EXPL: 0CVE-2025-20932
https://notcve.org/view.php?id=CVE-2025-20932
06 Mar 2025 — Out-of-bounds read in parsing rle of bmp image in Samsung Notes prior to version 4.4.26.71 allows local attackers to혻read out-of-bounds memory. • https://security.samsungmobile.com/serviceWeb.smsb?year=2025&month=03 •
CVSS: 7.3EPSS: 0%CPEs: 1EXPL: 0CVE-2025-20931
https://notcve.org/view.php?id=CVE-2025-20931
06 Mar 2025 — Out-of-bounds write in parsing bmp image in Samsung Notes prior to version 4.4.26.71 allows local attackers to execute arbitrary code. • https://security.samsungmobile.com/serviceWeb.smsb?year=2025&month=03 •
CVSS: 5.5EPSS: 0%CPEs: 1EXPL: 0CVE-2025-20930
https://notcve.org/view.php?id=CVE-2025-20930
06 Mar 2025 — Out-of-bounds read in parsing jpeg image in Samsung Notes prior to version 4.4.26.71 allows local attackers to read out-of-bounds memory. • https://security.samsungmobile.com/serviceWeb.smsb?year=2025&month=03 •
CVSS: 7.3EPSS: 0%CPEs: 1EXPL: 0CVE-2025-20929
https://notcve.org/view.php?id=CVE-2025-20929
06 Mar 2025 — Out-of-bounds write in parsing jpeg image in Samsung Notes prior to version 4.4.26.71 allows local attackers to execute arbitrary code. • https://security.samsungmobile.com/serviceWeb.smsb?year=2025&month=03 •
CVSS: 5.5EPSS: 0%CPEs: 1EXPL: 0CVE-2025-20928
https://notcve.org/view.php?id=CVE-2025-20928
06 Mar 2025 — Out-of-bounds read in parsing wbmp image in Samsung Notes prior to vaersion 4.4.26.71 allows local attackers to access out-of-bounds memory. • https://security.samsungmobile.com/serviceWeb.smsb?year=2025&month=03 •
CVSS: 5.5EPSS: 0%CPEs: 1EXPL: 0CVE-2025-20927
https://notcve.org/view.php?id=CVE-2025-20927
06 Mar 2025 — Out-of-bounds read in parsing image data in Samsung Notes prior to vaersion 4.4.26.71 allows local attackers to access out-of-bounds memory. • https://security.samsungmobile.com/serviceWeb.smsb?year=2025&month=03 •
CVSS: 5.5EPSS: 0%CPEs: 1EXPL: 0CVE-2025-20925
https://notcve.org/view.php?id=CVE-2025-20925
06 Mar 2025 — Out-of-bounds read in applying binary of text data in Samsung Notes prior to version 4.4.26.71 allows local attackers to potentially read memory. • https://security.samsungmobile.com/serviceWeb.smsb?year=2025&month=03 •
CVSS: 4.9EPSS: 0%CPEs: 1EXPL: 0CVE-2025-20924
https://notcve.org/view.php?id=CVE-2025-20924
06 Mar 2025 — Improper access control in Samsung Notes prior to version 4.4.26.71 allows physical attackers to access data across multiple user profiles. • https://security.samsungmobile.com/serviceWeb.smsb?year=2025&month=03 •