CVE-2025-20953: 
NixOS vulnerability analysis and mitigation

Improper access control in SmartManagerCN prior to SMR May-2025 Release 1 allows local attackers to launch activities within SmartManagerCN. The vulnerability, identified as CVE-2025-20953, affects Android versions 13, 14, and 15. It was reported on November 29, 2024 and was privately disclosed (Samsung Mobile, NVD).

The vulnerability has been assigned a CVSS v3.1 Base Score of 4.4 (MEDIUM) with the vector string CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N by NIST NVD, while Samsung Mobile assigned it a slightly higher score of 5.1 (MEDIUM) with the vector string CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N (NVD, Wiz).

The vulnerability allows local attackers to launch activities within SmartManagerCN, potentially compromising the security boundaries of the application. This could lead to unauthorized access to SmartManagerCN functionality and potential information disclosure or privilege escalation within the application's scope (Samsung Mobile).

Samsung has addressed this vulnerability in the SMR May-2025 Release 1 by adding proper validation logic. Users are advised to update their devices to the latest security patch level to protect against this vulnerability (Samsung Mobile).