Improper Permission Grant Check in Samsung Internet Browser
CVE-2021-25348

2.1LOW

Key Information:

Vendor: Samsung
Status: Samsung Internet
Vendor: CVE Published:; 4 March 2021

What is CVE-2021-25348?

The vulnerability in Samsung Internet prior to version 13.0.1.60 arises from insufficient checks on permission grants, enabling unauthorized access to confidential files stored in the internal storage. This allows malicious actors to exploit the flaw and gain access without the necessary STORAGE permission, posing a significant risk to user privacy and data security.

Affected Version(s)

Samsung Internet < 13.0.1.60

References

https://security.samsungmobile.com/

x_refsource_MISC

https://security.samsungmobile.com/serviceWeb.smsb

x_refsource_CONFIRM

CVSS V3.1

Score:

2.1

Severity:

LOW

Confidentiality:

Low

Integrity:

None

Availability:

Low

Attack Vector:

Physical

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

Required

Scope:

Unchanged

Timeline

Vulnerability published
Mar 4, 2021
Vulnerability Reserved
Jan 19, 2021