CVE-2025-21035

Severity
4.6 MEDIUM
EPSS
0.0%
top 93.82%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
Timeline
Published: Sep 3
Latest update: Sep 29

Description

Improper access control in Samsung Calendar prior to version 12.5.06.5 in Android 14 and 12.6.01.12 in Android 15 allows physical attackers to access data across multiple user profiles.

CVSS vector

CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Exploitability: 0.9 | Impact: 3.6

Affected Packages: 1 package

NVD: samsung/calendar < 12.5.06.5 (+1)

Vulnerability Details (2)

GHSA
GHSA-x2rm-qv9w-2p5q: Improper access control in Samsung Calendar prior to version 12 (2025-09-29)
CVEList
CVE-2025-21035: Improper access control in Samsung Calendar prior to version 12 (2025-09-03)

Vendor Advisories (1)

Microsoft
In Qt through 5.14.1 the WebSocket implementation accepts up to 2GB for frames and 2GB for messages. Smaller limits cannot be configured. This makes it easier for attackers to cause a denial of servic (2020-02-11)
CVE-2025-21035 (MEDIUM CVSS 4.6) | Improper access control in Samsung | cvebase.io