Impact
The Galaxy Store application has a path traversal vulnerability that permits a local attacker to write files with the same privileges as the store process. This flaw can enable the attacker to create or overwrite arbitrary files on the device, potentially leading to unauthorized data modification, malware installation, or execution of malicious code under the store’s elevated rights.
Affected Systems
Samsung Mobile devices running Galaxy Store versions earlier than 4.6.03.8 are affected. No other products or versions are listed as impacted.
Risk and Exploitability
The CVSS score of 5.9 indicates moderate severity, while the EPSS score of less than 1% reflects a low probability of exploitation in the wild. The vulnerability can be leveraged only with local access to the device, and it is not currently listed in the CISA KEV catalog. Attackers would need to exploit the path traversal to place a file in a privileged location, which may then be used to gain further access or compromise the device.