CVE-2025-21060

CWE-312Cleartext Storage of Sensitive Info3 documents3 sources
Severity
5.5MEDIUM
EPSS
0.0%
top 99.60%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
1
Samsung Smart Switch
Timeline
PublishedOct 10

Description

Cleartext storage of sensitive information in Smart Switch prior to version 3.7.67.2 allows local attackers to access backup data from applications. User interaction is required for triggering this vulnerability.

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:NExploitability: 1.8 | Impact: 3.6

Affected Packages1 packages

NVDsamsung/smart_switch< 3.7.67.2

🔴Vulnerability Details

2
GHSA
GHSA-5pvg-8r46-4jqj: Cleartext storage of sensitive information in Smart Switch prior to version 32025-10-10
CVEList
CVE-2025-21060: Cleartext storage of sensitive information in Smart Switch prior to version 32025-10-10
CVE-2025-21060 (MEDIUM CVSS 5.5) | Cleartext storage of sensitive info | cvebase.io