CVE-2025-32407

Medium CVSS: 5.9

Samsung Internet for Galaxy Watch version 5.0.9, available up until Samsung Galaxy Watch 3, does not properly validate TLS certificates, allowing for an attacker to impersonate any and all websites visited by the user. This is a critical misconfiguration in the way the browser validates the identity of the server. It negates the use of HTTPS as a secure channel, allowing for Man-in-the-Middle attacks, stealing sensitive information or modifying incoming and outgoing traffic. NOTE: This vulnerability is in an end-of-life product that is no longer maintained by the vendor.

Vendor

Samsung

Product

Internet

CWE

CWE-295

Yayın Tarihi

2025-05-16 21:15:35

Güncelleme

2025-06-12 16:30:02

Source Identifier

cve@mitre.org

KEV Date Added

Kategoriler

CWE-295 Internet MEDIUM Samsung 2025

Referanslar

https://github.com/diegovargasj/CVE-2025-32407

Benzer Kayıtlar

High

CVE-2026-21000

Improper access control in Galaxy Store prior to version 4.6.03.8 allows local attacker to create file with Galaxy Store…

Medium

CVE-2026-21001

Path traversal in Galaxy Store prior to version 4.6.03.8 allows local attacker to create file with Galaxy Store privileg…

Medium

CVE-2026-21002

Improper verification of cryptographic signature in Galaxy Store prior to version 4.6.03.8 allows local attacker to inst…

Medium

CVE-2026-21004

Improper authentication in Smart Switch prior to version 3.7.69.15 allows adjacent attackers to trigger a denial of serv…

High

CVE-2026-21005

Path traversal in Smart Switch prior to version 3.7.69.15 allows adjacent attackers to overwrite arbitrary files with Sm…

Medium

CVE-2026-20992

Improper authorization in Settings prior to SMR Mar-2026 Release 1 allows local attacker to disable configuring the back…