PendingIntent Hijacking Vulnerability in Samsung Framework
CVE-2023-21466

5.3 MEDIUM

Key Information:

Vendor: Samsung
CVE Published: 3 September 2025

What is CVE-2023-21466?

The PendingIntent hijacking vulnerability in Samsung's CertificatePolicy allows local attackers to gain unauthorized access to contentProviders. The flaw exists in the framework prior to SMR Apr-2023 Release 1, so applications relying on this security configuration may be exposed to exploitation. Attackers can exploit this vulnerability to manipulate app behavior and obtain sensitive data without proper permissions.

Affected Version(s)

Samsung Mobile Devices SMR Apr-2023 Release in Android 11, 12, 13

CVSS V3.1

Score: 5.3
Severity: MEDIUM
Confidentiality: Low
Integrity: Low
Availability: Low
Attack Vector: Local
Attack Complexity: Low
Privileges Required: Low
User Interaction: None
Scope: Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved