CVE-2021-25375

CWE-200Information ExposureCWE-3303 documents3 sources
Severity
6.5MEDIUM
EPSS
0.4%
top 41.82%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
Samsung Mobile Samsung EmailSamsung Email
Timeline
PublishedApr 9
Latest updateMay 24

Description

Using predictable index for attachments in Samsung Email prior to version 6.1.41.0 allows remote attackers to get attachments of another emails when users open the malicious attachment.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:NExploitability: 2.8 | Impact: 3.6

Affected Packages2 packages

NVDsamsung/email< 6.1.14.0
CVEListV5samsung_mobile/samsung_emailunspecified6.1.41.0

🔴Vulnerability Details

2
GHSA
GHSA-25v9-5xh2-9q3m: Using predictable index for attachments in Samsung Email prior to version 62022-05-24
CVEList
CVE-2021-25375: Using predictable index for attachments in Samsung Email prior to version 62021-04-09
CVE-2021-25375 (MEDIUM CVSS 6.5) | Using predictable index for attachm | cvebase.io