CVE-2025-20936
HIGHDescription
Improper access control in HDCP trustlet prior to SMR Apr-2025 Release 1 allows local attackers with shell privilege to escalate their privileges to root.
Is your site exposed to CVE-2025-20936?
Run a free security scan — no signup, results in seconds.
CVSS v3.1 Score
Affected Products
| Vendor | Product |
|---|---|
| samsung | android |
| samsung | android |
| samsung | android |
| samsung | android |
| samsung | android |
| samsung | android |
| samsung | android |
| samsung | android |
| samsung | android |
| samsung | android |
| samsung | android |
| samsung | android |
| samsung | android |
| samsung | android |
| samsung | android |
| samsung | android |
| samsung | android |
| samsung | android |
| samsung | android |
| samsung | android |
| samsung | android |
| samsung | android |
| samsung | android |
| samsung | android |
| samsung | android |
| samsung | android |
| samsung | android |
| samsung | android |
| samsung | android |
| samsung | android |
| samsung | android |
| samsung | android |
| samsung | android |
| samsung | android |
| samsung | android |
| samsung | android |
| samsung | android |
| samsung | android |
| samsung | android |
| samsung | android |
| samsung | android |
| samsung | android |
| samsung | android |
| samsung | android |
| samsung | android |
| samsung | android |
| samsung | android |
| samsung | android |
| samsung | android |
| samsung | android |
| samsung | android |
| samsung | android |
| samsung | android |
| samsung | android |
| samsung | android |
| samsung | android |
| samsung | android |
| samsung | android |
| samsung | android |
| samsung | android |
| samsung | android |
| samsung | android |
| samsung | android |
| samsung | android |
| samsung | android |
| samsung | android |
| samsung | android |
| samsung | android |
| samsung | android |
| samsung | android |
| samsung | android |
| samsung | android |
| samsung | android |
| samsung | android |
| samsung | android |
| samsung | android |
| samsung | android |
| samsung | android |
| samsung | android |
| samsung | android |
| samsung | android |
| samsung | android |
| samsung | android |
| samsung | android |
| samsung | android |
References
Advisories & Patches
Frequently Asked Questions
What is CVE-2025-20936? +
How severe is CVE-2025-20936? +
What products are affected by CVE-2025-20936? +
How do I check if I'm vulnerable to CVE-2025-20936? +
Related Vulnerabilities
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in Samsung Electronics MagicINFO 9 Server allows Upload …
Use After Free vulnerability in Samsung Open Source rLottie allows Remote Code Inclusion.This issue affects rLottie: V0.2.
Improper Input Validation vulnerability in Samsung Open Source rLottie allows Overread Buffers.This issue affects rLottie: V0.2.
Unrestricted Upload of File with Dangerous Type vulnerability in Samsung Electronics MagicINFO 9 Server allows Code Injection.This issue affects MagicINFO …
Improper Input Validation vulnerability in Samsung Open Source rLottie allows Path Traversal.This issue affects rLottie: V0.2.
Unrestricted Upload of File with Dangerous Type vulnerability in Samsung Electronics MagicINFO 9 Server allows Code Injection.This issue affects MagicINFO …