CVE-2025-58487: CWE-285: Improper Authorization in Samsung Mobile Samsung Account
Improper authorization in Samsung Account prior to version 15.5.01.1 allows local attacker to launch arbitrary activity with Samsung Account privilege.
AI Analysis
Technical Summary
CVE-2025-58487 is a vulnerability classified under CWE-285 (Improper Authorization) found in Samsung Account applications on Samsung mobile devices prior to version 15.5.01.1. This flaw allows a local attacker—someone with physical or local access to the device—to launch arbitrary activities within the Samsung Account app with elevated privileges. The vulnerability arises because the app does not properly enforce authorization checks before permitting certain actions, enabling unauthorized activity launches. The attack vector is local (AV:L), requiring the attacker to have access to the device but no prior privileges (PR:N) or user interaction (UI:N) are needed. The scope remains unchanged (S:U), meaning the impact is confined to the vulnerable component. The CVSS v3.1 base score is 4.0, reflecting a medium severity primarily due to its limited impact on confidentiality and integrity but some impact on availability. No known exploits have been reported in the wild, and no patch links are currently provided, indicating that remediation may be pending or integrated into future updates. The vulnerability could be exploited to disrupt normal Samsung Account operations or potentially escalate privileges locally, affecting device stability or user experience.
Potential Impact
For European organizations, this vulnerability poses a moderate risk primarily to availability and operational continuity of Samsung mobile devices. Organizations relying on Samsung Account for device management, authentication, or synchronization services could experience disruptions if an attacker exploits this flaw to launch unauthorized activities. While confidentiality and integrity impacts are minimal, the ability to execute arbitrary activities with elevated privileges locally could facilitate further attacks or unauthorized access to device functions. This is particularly concerning for sectors with high mobile device usage and sensitive data, such as finance, healthcare, and government. The requirement for local access limits remote exploitation but increases risk in environments where devices may be physically accessible by unauthorized personnel. Additionally, organizations with Bring Your Own Device (BYOD) policies may face increased exposure if employees use vulnerable Samsung devices.
Mitigation Recommendations
European organizations should prioritize updating Samsung Account applications to version 15.5.01.1 or later as soon as updates become available. In the absence of immediate patches, organizations should enforce strict physical security controls to prevent unauthorized local access to devices, including locking devices with strong authentication and limiting device sharing. Mobile device management (MDM) solutions should be configured to monitor and restrict installation of vulnerable app versions and enforce update policies. Additionally, organizations should educate users about the risks of leaving devices unattended and implement endpoint detection mechanisms to identify suspicious activity related to Samsung Account usage. For high-risk environments, consider restricting Samsung Account usage or isolating devices with sensitive data until the vulnerability is remediated. Regular audits of device software versions and permissions can help detect and mitigate exploitation attempts.
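The version audit recommended above can be automated against an MDM inventory export. The following script is an added example, not part of this advisory and not Samsung's or any MDM vendor's code; the CSV layout, the device identifiers and the package name are constructed placeholders (the advisory does not name the APK package), so substitute the values your own inventory uses. It compares version strings segment by segment as integers, which matters here because the fixed build is written with a zero-padded segment ("15.5.01.1"): a naive string comparison would treat "15.5.1.1" as different from it and would sort "9.9.99.9" after "15.5.01.1".

```python
"""Flag devices whose Samsung Account build is older than the fixed release.

Added example, not from the advisory or from Samsung. The inventory format,
device ids and package name below are constructed for illustration.
"""
import csv
import io
import re

# First fixed release named in the advisory.
FIXED_VERSION = "15.5.01.1"

# Hypothetical package name: the advisory does not give the APK package, so
# replace this placeholder with the value reported by your MDM inventory.
SAMSUNG_ACCOUNT_PACKAGE = "PLACEHOLDER.samsung.account.package"

# Constructed sample MDM export; every row here is made up.
SAMPLE_INVENTORY = """\
device_id,package,version_name
DEV-0001,PLACEHOLDER.samsung.account.package,15.4.02.3
DEV-0002,PLACEHOLDER.samsung.account.package,15.5.01.1
DEV-0003,PLACEHOLDER.samsung.account.package,15.5.1.1
DEV-0004,PLACEHOLDER.samsung.account.package,15.5.01.0
DEV-0005,PLACEHOLDER.samsung.account.package,9.9.99.9
DEV-0006,PLACEHOLDER.samsung.account.package,15.5
DEV-0007,PLACEHOLDER.samsung.account.package,15.5.01.1-beta
DEV-0008,com.example.unrelated,0.1
"""

_VERSION_RE = re.compile(r"^\d+(\.\d+)*$")


def parse_version(text: str) -> tuple[int, ...]:
    """Turn '15.5.01.1' into (15, 5, 1, 1); raise ValueError on anything else."""
    text = text.strip()
    if not _VERSION_RE.match(text):
        raise ValueError(f"unrecognised version string: {text!r}")
    return tuple(int(part) for part in text.split("."))


def is_vulnerable(installed: str, fixed: str = FIXED_VERSION) -> bool:
    """True when the installed build is strictly older than the fixed build.

    Segments are compared as integers after zero-padding both tuples to the
    same length, so '15.5.1.1' equals '15.5.01.1', '15.5' is treated as
    '15.5.0.0', and '9.9.99.9' sorts before '15.5.01.1'.
    """
    a, b = parse_version(installed), parse_version(fixed)
    width = max(len(a), len(b))
    a += (0,) * (width - len(a))
    b += (0,) * (width - len(b))
    return a < b


def audit_inventory(csv_text: str, package: str = SAMSUNG_ACCOUNT_PACKAGE) -> dict:
    """Bucket devices running `package` into vulnerable / patched / unparseable."""
    result = {"vulnerable": [], "patched": [], "unparseable": []}
    for row in csv.DictReader(io.StringIO(csv_text)):
        if row["package"] != package:
            continue
        try:
            bucket = "vulnerable" if is_vulnerable(row["version_name"]) else "patched"
        except ValueError:
            # A version string we cannot parse must not silently pass as patched.
            bucket = "unparseable"
        result[bucket].append(row["device_id"])
    return result


if __name__ == "__main__":
    for bucket, devices in audit_inventory(SAMPLE_INVENTORY).items():
        print(f"{bucket}: {', '.join(devices) or '-'}")
```

Devices whose version string does not parse are reported separately for manual review rather than being counted as patched; that keeps a malformed inventory field from hiding a vulnerable device.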
Affected Countries
Germany, France, United Kingdom, Italy, Spain, Netherlands, Sweden, Poland
Technical Details
- Data Version: 5.2
- Assigner Short Name: SamsungMobile
- Date Reserved: 2025-09-03T06:13:48.469Z
- CVSS Version: 3.1
- State: PUBLISHED
Threat ID: 692e499ef2f793a7de785150
Added to database: 12/2/2025, 2:06:22 AM
Last enriched: 12/2/2025, 2:21:58 AM
Last updated: 12/5/2025, 1:09:45 AM