CVE-2025-21031 β€” Improper Access Control in Samsung Android

CWE-284 β€” Improper Access Control3 documents3 sources
Severity
6.8MEDIUMNVD
EPSS
0.0%
top 94.88%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
1
Samsung Android
Timeline
PublishedSep 3
Latest updateSep 5

Description

Improper access control in ImsService prior to SMR Sep-2025 Release 1 allows local attackers to use the privileged APIs.

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:LExploitability: 2.5 | Impact: 4.2

Affected Packages1 packages

β–ΆNVDsamsung/android4 versions+3

πŸ”΄Vulnerability Details

2
GHSA
GHSA-5fjx-vvhf-64ff: Improper access control in ImsService prior to SMR Sep-2025 Release 1 allows local attackers to use the privileged APIs↗2025-09-05
β–Ά
CVEList
CVE-2025-21031: Improper access control in ImsService prior to SMR Sep-2025 Release 1 allows local attackers to use the privileged APIs↗2025-09-03
β–Ά
CVE-2025-21031 β€” Improper Access Control in Samsung | cvebase