CVE-2021-25381

CWE-285 CWE-276 — Incorrect Default Permissions3 documents3 sources

Severity

7.8HIGH

EPSS

0.0%

top 89.11%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Samsung Mobile Samsung Account Samsung Account

Timeline

PublishedApr 9

Latest updateMay 24

Description

Using unsafe PendingIntent in Samsung Account in versions 10.8.0.4 in Android P(9.0) and below, and 12.1.1.3 in Android Q(10.0) and above allows local attackers to perform unauthorized action without permission via hijacking the PendingIntent.

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:NExploitability: 1.8 | Impact: 3.6

Affected Packages2 packages

▶CVEListV5samsung_mobile/samsung_accountAndroid P(9.0) and below — 10.8.0.4+1

▶NVDsamsung/account10.8.0.4, 12.1.1.3+1

🔴Vulnerability Details

GHSA

GHSA-984v-wwcj-4259: Using unsafe PendingIntent in Samsung Account in versions 10↗2022-05-24

▶

CVEList

CVE-2021-25381: Using unsafe PendingIntent in Samsung Account in versions 10↗2021-04-09

▶