Intent Redirection Vulnerability in SecSettings by Samsung
CVE-2023-21474

6.3MEDIUM

Key Information:

Vendor

Samsung
Status
Samsung Devices
Vendor
CVE Published:
3 September 2025

What is CVE-2023-21474?

An intent redirection vulnerability in SecSettings allows unauthorized attackers to gain access to arbitrary files with elevated system privileges. This flaw exists in versions prior to SMR Apr-2022 Release 1, potentially compromising the security integrity of affected devices. It is crucial for users to update their systems to mitigate the risks associated with this vulnerability.

Affected Version(s)

Samsung Mobile Devices SMR Apr-2023 Release in Android 11, 12, 13

References

https://security.samsungmobile.com/securityUpdate.smsb?ye...

CVSS V3.1

Score:
6.3
Severity:
MEDIUM
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Local
Attack Complexity:
High
Privileges Required:
None
User Interaction:
Required
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.
CVE-2023-21474 : Intent Redirection Vulnerability in SecSettings by Samsung