Unsafe PendingIntent Vulnerability in Samsung Account on Android
CVE-2021-25381

5.5MEDIUM

Key Information:

Vendor: Samsung
Status: Samsung Account
Vendor: CVE Published:; 9 April 2021

What is CVE-2021-25381?

The vulnerability in Samsung Account arises from unsafe handling of PendingIntent, allowing local attackers to hijack intents and perform unauthorized actions without the consent of the user. This security flaw affects specific versions of Samsung Account on Android P and Q, posing a risk to user data integrity and device security. Users are advised to update their applications to mitigate potential exploits.

Affected Version(s)

Samsung Account Android P(9.0) and below < 10.8.0.4

Samsung Account Android Q(10.0) and above < 12.1.1.3

References

https://security.samsungmobile.com/

x_refsource_CONFIRM

https://security.samsungmobile.com/serviceWeb.smsb

x_refsource_CONFIRM

CVSS V3.1

Score:

5.5

Severity:

MEDIUM

Confidentiality:

High

Integrity:

None

Availability:

High

Attack Vector:

Local

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Apr 9, 2021
Vulnerability Reserved
Jan 19, 2021