CVE-2025-58475 is a vulnerability identified in Samsung Mobile devices, specifically within the libsec-ril.so library, which is part of the Radio Interface Layer (RIL) responsible for communication between the device’s modem and the Android framework. The issue stems from improper input validation (classified under CWE-20), allowing local privileged attackers to write out-of-bounds memory. This memory corruption can lead to unauthorized disclosure of sensitive information (confidentiality impact), limited modification of data (integrity impact), and potential disruption of service (availability impact). The vulnerability requires the attacker to have local privileged access (e.g., root or system-level permissions) but does not require user interaction, making it exploitable by malicious applications or insiders with elevated rights. The vulnerability affects Samsung Mobile devices running firmware versions prior to the SMR (Security Maintenance Release) December 2025 Release 1. No public exploits have been reported yet, but the risk remains significant due to the nature of memory corruption vulnerabilities. The CVSS v3.1 base score is 5.6, reflecting medium severity with vector AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:L/A:L, indicating local attack vector, low attack complexity, high privileges required, no user interaction, unchanged scope, and high confidentiality impact with limited integrity and availability impacts. Samsung has not yet published patch links, but remediation is expected in upcoming security updates.

For European organizations, this vulnerability poses a moderate risk primarily to environments where Samsung Mobile devices are used with applications or processes running with elevated privileges. The out-of-bounds write could be leveraged to leak sensitive information stored in memory, potentially exposing corporate data or credentials. Partial integrity loss could allow attackers to alter some data or system states, while availability impacts might cause device instability or crashes, disrupting mobile operations. Since exploitation requires local privileged access, the threat is more relevant in scenarios involving insider threats, compromised devices, or malicious apps with escalated permissions. Organizations relying heavily on Samsung devices for mobile workforce productivity, secure communications, or mobile device management could face operational risks. The absence of known exploits reduces immediate threat but does not eliminate the risk of future exploitation. The vulnerability also underscores the importance of controlling privileged access on mobile devices and maintaining up-to-date firmware.

1. Apply Samsung’s Security Maintenance Release December 2025 Release 1 or later as soon as it becomes available to ensure the vulnerability is patched. 2. Restrict and monitor privileged access on Samsung Mobile devices to minimize the risk of local exploitation. This includes enforcing least privilege principles for apps and users. 3. Employ mobile device management (MDM) solutions to enforce security policies, detect unauthorized privilege escalations, and manage firmware updates centrally. 4. Conduct regular audits of installed applications and system processes to identify and remove potentially malicious or unnecessary privileged apps. 5. Educate users and administrators about the risks of granting elevated privileges to applications and the importance of installing updates promptly. 6. Use endpoint detection and response (EDR) tools capable of monitoring suspicious local activities on mobile devices. 7. Limit physical access to devices to prevent local attackers from gaining privileged access. 8. Monitor security advisories from Samsung and related threat intelligence sources for updates or emerging exploit reports.