CVE-2025-20994

Name of the Vulnerable Software and Affected Versions Samsung Internet versions prior to 28.0.0.59

Description The issue arises from improper handling of insufficient permission in SyncClientProvider, allowing local attackers to access and modify arbitrary files. This affects Samsung Internet installed on non-Samsung devices.

Recommendations For versions prior to 28.0.0.59, update to version 28.0.0.59 or later to resolve the issue. As a temporary workaround, consider restricting access to sensitive files and directories to minimize the risk of exploitation.