Improper Authorization in Samsung Flow Mobile Application
CVE-2021-25507

5.7MEDIUM

Key Information:

Vendor: Samsung
Status: Samsung Flow
Vendor: CVE Published:; 5 November 2021

What is CVE-2021-25507?

An improper authorization issue exists in the Samsung Flow mobile application, impacting versions prior to 4.8.03.5. This vulnerability allows the associated Samsung Flow PC application to access notification data within the Secure Folder of a connected user device without proper authorization, potentially exposing sensitive information to unauthorized access.

Affected Version(s)

Samsung Flow - < 4.8.03.5

References

https://security.samsungmobile.com/serviceWeb.smsb?year=2...

x_refsource_MISC

CVSS V3.1

Score:

5.7

Severity:

MEDIUM

Confidentiality:

High

Integrity:

None

Availability:

High

Attack Vector:

Adjacent Network

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Nov 5, 2021
Vulnerability Reserved
Jan 19, 2021