Cross‑Site Scripting RCE in Samsung Galaxy S25 (CVE‑2025‑58486) Threatens Mobile Enterprise Devices
What It Is – A cross‑site scripting (XSS) flaw in the Samsung Account app on the Galaxy S25 allows an unauthenticated attacker to inject arbitrary JavaScript into the app’s WebView, leading to remote code execution (RCE) in the context of the user’s session.
Exploitability – The vulnerability was demonstrated in the Pwn2Own competition; a working exploit exists and can be run remotely without credentials. CVSS 6.3 (AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L).
Affected Products – Samsung Galaxy S25 smartphones (any device running the vulnerable Samsung Account application).
TPRM Impact – Enterprise mobile‑device‑management (MDM) programs that allow Samsung devices expose corporate data to script‑based theft, credential harvesting, or lateral movement. A compromised device can become a foothold for supply‑chain attacks against corporate apps and cloud services.
Recommended Actions –
- Deploy Samsung’s security update for the Galaxy S25 immediately.
- Enforce MDM policies that block or sandbox WebView components from untrusted origins.
- Conduct a rapid inventory of all Samsung devices in the organization and verify patch status.
- Monitor network traffic for anomalous JavaScript payloads targeting the Samsung Account service.
- Educate users on the risks of installing third‑party apps that may interact with the Samsung Account WebView.
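One way to carry out the inventory step in the action list above (find every Galaxy S25 and verify its patch status), written here as an added example that is not part of the advisory and not Samsung's or any MDM vendor's code. It assumes the MDM export is a CSV with `device_id`, `model`, `owner` and `security_patch_level` columns, that the model field names the device as "Galaxy S25", and that the patch level is reported in Android's `YYYY-MM-DD` form; `REQUIRED_PATCH_LEVEL` is a placeholder to be replaced with the level Samsung names for this CVE. Devices whose patch level is blank or malformed are not assumed patched; they go into an `unknown` bucket for manual follow-up.

```python
"""Triage an MDM device-inventory export for Galaxy S25 units that still need
the Samsung Account fix. CSV layout, sample rows and the required patch level
are constructed assumptions for this example, not values from the advisory."""
import csv
import io
from dataclasses import dataclass
from datetime import date
from typing import Dict, List, Optional

# PLACEHOLDER: replace with the security patch level named in Samsung's bulletin for CVE-2025-58486.
REQUIRED_PATCH_LEVEL = date(2025, 10, 1)


@dataclass(frozen=True)
class Device:
    device_id: str
    model: str
    owner: str
    patch_level: Optional[date]  # None when the export field is blank or unparsable


def parse_patch_level(raw: str) -> Optional[date]:
    """Android reports the security patch level as YYYY-MM-DD; anything else is treated as unknown."""
    try:
        return date.fromisoformat(raw.strip())
    except ValueError:
        return None


def parse_inventory(csv_text: str) -> List[Device]:
    """Read an MDM export with columns device_id, model, owner, security_patch_level (assumed layout)."""
    reader = csv.DictReader(io.StringIO(csv_text))
    devices = []
    for row in reader:
        devices.append(Device(
            device_id=(row.get("device_id") or "").strip(),
            model=(row.get("model") or "").strip(),
            owner=(row.get("owner") or "").strip(),
            patch_level=parse_patch_level(row.get("security_patch_level") or ""),
        ))
    return devices


def is_galaxy_s25(device: Device) -> bool:
    """Matches the base S25 as well as S25+ / S25 Ultra, since the model string contains 'Galaxy S25'."""
    return "galaxy s25" in device.model.lower()


def triage(devices: List[Device], required: date = REQUIRED_PATCH_LEVEL) -> Dict[str, List[str]]:
    """Bucket device ids into unpatched, unknown (needs manual check), patched and out_of_scope."""
    result: Dict[str, List[str]] = {"unpatched": [], "unknown": [], "patched": [], "out_of_scope": []}
    for d in devices:
        if not is_galaxy_s25(d):
            result["out_of_scope"].append(d.device_id)
        elif d.patch_level is None:
            # Never treat a missing or malformed patch level as patched.
            result["unknown"].append(d.device_id)
        elif d.patch_level < required:
            result["unpatched"].append(d.device_id)
        else:
            result["patched"].append(d.device_id)
    return result


# Constructed sample export: one patched S25, one stale, two with unusable patch fields, one non-S25.
SAMPLE_EXPORT = """device_id,model,owner,security_patch_level
dev-001,Samsung Galaxy S25,alice,2025-09-01
dev-002,Samsung Galaxy S25 Ultra,bob,2025-10-01
dev-003,Samsung Galaxy S25,carol,
dev-004,Samsung Galaxy S24,dave,2025-08-01
dev-005,Samsung Galaxy S25+,erin,not-reported
"""

if __name__ == "__main__":
    report = triage(parse_inventory(SAMPLE_EXPORT))
    for bucket, ids in report.items():
        print(f"{bucket:>12}: {', '.join(ids) or '-'}")
```

Run it against the real export by replacing `SAMPLE_EXPORT` with the file contents; the `unpatched` and `unknown` buckets together are the list to chase, and comparing `date` objects rather than strings avoids false positives from differently padded or formatted patch levels.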