Improper Access Control in IsemTelephony on Samsung Devices
CVE-2025-21005

5.5MEDIUM

Key Information:

Vendor: Samsung
Status: Isemtelephony
Vendor: CVE Published:; 8 July 2025

What is CVE-2025-21005?

The IsemTelephony component on Samsung devices prior to Android 15 is susceptible to an improper access control vulnerability. This flaw allows local attackers to exploit the system and gain unauthorized access to sensitive information, potentially compromising user privacy and security. Users are encouraged to update their devices to the latest Android version to mitigate this issue.

Affected Version(s)

isemtelephony Android 15

References

https://security.samsungmobile.com/serviceWeb.smsb?year=2...

CVSS V3.1

Score:

5.5

Severity:

MEDIUM

Confidentiality:

High

Integrity:

None

Availability:

High

Attack Vector:

Local

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Jul 8, 2025
Vulnerability Reserved
Nov 6, 2024