CVE-2021-25521

CWE-285CWE-552Files Accessible to External Parties3 documents3 sources
Severity
3.3LOW
EPSS
0.1%
top 80.76%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
Samsung Mobile Samsung InternetSamsung Internet
Timeline
PublishedDec 8
Latest updateDec 9

Description

Insecure caller check in sharevia deeplink logic prior to Samsung Internet 16.0.2 allows unstrusted applications to get current tab URL in Samsung Internet.

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:NExploitability: 2.5 | Impact: 1.4

Affected Packages2 packages

NVDsamsung/internet< 16.0.2
CVEListV5samsung_mobile/samsung_internet-16.0.2

🔴Vulnerability Details

2
GHSA
GHSA-hwh5-9mfv-g2m5: Insecure caller check in sharevia deeplink logic prior to Samsung Internet 162021-12-09
CVEList
CVE-2021-25521: Insecure caller check in sharevia deeplink logic prior to Samsung Internet 162021-12-08