CVE-2025-20895

Name of the Vulnerable Software and Affected Versions Galaxy Store versions prior to 4.5.87.6

Description The issue allows physical attackers to install arbitrary applications, bypassing the restrictions of Setupwizard through an alternate path in Galaxy Store. This enables attackers to circumvent intended security measures.

Recommendations For Galaxy Store versions prior to 4.5.87.6, update to version 4.5.87.6 or later to resolve the issue. As a temporary workaround, consider restricting access to the Galaxy Store until the update is applied.