CVE-2025-20946
HIGHDescription
Improper handling of exceptional conditions in pairing specific bluetooth devices in Galaxy Watch Bluetooth pairing prior to SMR Apr-2025 Release 1 allows local attackers to pair with specific bluetooth devices without user interaction.
Is your site exposed to CVE-2025-20946?
Run a free security scan — no signup, results in seconds.
CVSS v3.1 Score
Affected Products
| Vendor | Product |
|---|---|
| samsung | wear_os |
| samsung | galaxy_watch |
| samsung | galaxy_watch_4 |
| samsung | galaxy_watch_4_classic |
| samsung | galaxy_watch_5 |
| samsung | galaxy_watch_5_pro |
| samsung | galaxy_watch_6 |
| samsung | galaxy_watch_6_classic |
| samsung | galaxy_watch_7 |
| samsung | galaxy_watch_fe |
| samsung | galaxy_watch_ultra |
References
Advisories & Patches
Frequently Asked Questions
What is CVE-2025-20946? +
How severe is CVE-2025-20946? +
What products are affected by CVE-2025-20946? +
How do I check if I'm vulnerable to CVE-2025-20946? +
Related Vulnerabilities
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in Samsung Electronics MagicINFO 9 Server allows Upload …
Use After Free vulnerability in Samsung Open Source rLottie allows Remote Code Inclusion.This issue affects rLottie: V0.2.
Improper Input Validation vulnerability in Samsung Open Source rLottie allows Overread Buffers.This issue affects rLottie: V0.2.
Unrestricted Upload of File with Dangerous Type vulnerability in Samsung Electronics MagicINFO 9 Server allows Code Injection.This issue affects MagicINFO …
Improper Input Validation vulnerability in Samsung Open Source rLottie allows Path Traversal.This issue affects rLottie: V0.2.
Unrestricted Upload of File with Dangerous Type vulnerability in Samsung Electronics MagicINFO 9 Server allows Code Injection.This issue affects MagicINFO …