CVE-2025-32407

MEDIUM

Samsung Internet - Improper Certificate Validation

Title source: rule

Description

Samsung Internet for Galaxy Watch version 5.0.9, available up until Samsung Galaxy Watch 3, does not properly validate TLS certificates, allowing for an attacker to impersonate any and all websites visited by the user. This is a critical misconfiguration in the way the browser validates the identity of the server. It negates the use of HTTPS as a secure channel, allowing for Man-in-the-Middle attacks, stealing sensitive information or modifying incoming and outgoing traffic. NOTE: This vulnerability is in an end-of-life product that is no longer maintained by the vendor.

Exploits (1)

nomisec WORKING POC

by diegovargasj · poc

https://github.com/diegovargasj/CVE-2025-32407

View Code ZIP pw:eip

References (1)

[Exploit] https://github.com/diegovargasj/CVE-2025-32407

Scores

CVSS v3 5.9

EPSS 0.0004

EPSS Percentile 10.8%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N

CISA SSVC

Vulnrichment

Exploitation poc

Automatable no

Technical Impact partial

Details

CWE

CWE-295

Status published

Products (1)

samsung/internet 5.0.9

Published May 16, 2025

Tracked Since Feb 18, 2026