CVE-2025-32407 Information

Description

Samsung Internet for Galaxy Watch version 5.0.9, available up until Samsung Galaxy Watch 3, does not properly validate TLS certificates, allowing an attacker to impersonate any and all websites visited by the user. This is a critical misconfiguration in the way the browser validates the identity of the server. It negates the use of HTTPS as a secure channel, allowing Man-in-the-Middle attacks that steal sensitive information or modify incoming and outgoing traffic. NOTE: This vulnerability is in an end-of-life product that is no longer maintained by the vendor.

Reference

https://github.com/diegovargasj/CVE-2025-32407
