Low
CVSS 3.2
Overview
Authentication Bypass Using an Alternate Path in Galaxy Store prior to version 4.5.87.6 allows physical attackers to install arbitrary applications to bypass restrictions of Setupwizard.
CVE-2025-20895
Authentication Bypass Using an Alternate Path in Galaxy Store prior to version 4...
Risk analysis
This vulnerability is rated 🟢 LOW.
- CVSS: 3.2 (LOW)
- Detected tags: unauth_access (tag impact: HIGH)
Recommended actions:
- Enforce authentication/authorization; reduce default endpoint exposure.