Missing Input Validation in Samsung Flow Windows Application
CVE-2021-25509
5.9MEDIUM
Summary
The Samsung Flow Windows application prior to Version 4.8.5.0 suffers from a serious flaw due to missing input validation, enabling malicious actors to overwrite arbitrary files in known Windows folders. This vulnerability poses significant security risks, as it allows unauthorized modification of files that could lead to data loss or compromise system integrity. Users are advised to promptly update their applications to mitigate potential threats.
Affected Version(s)
Samsung Flow - < 4.8.5.0
References
CVSS V3.1
Score:
5.9
Severity:
MEDIUM
Confidentiality:
Low
Integrity:
Low
Availability:
Low
Attack Vector:
Local
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
None
Scope:
Unchanged
Timeline
Vulnerability published
Vulnerability Reserved