Memory Corruption Vulnerability in Samsung Devices
CVE-2025-21007

5.5MEDIUM

Key Information:

Vendor: Samsung
Status: Libsavsvc.so
Vendor: CVE Published:; 8 July 2025

What is CVE-2025-21007?

An out-of-bounds write vulnerability exists in libsavsvc.so, affecting Samsung devices running Android versions prior to version 15. This flaw allows local attackers to exploit uninitialized memory, potentially leading to memory corruption and unauthorized access to system resources. Users are encouraged to update their devices to mitigate the risks associated with this vulnerability.

Affected Version(s)

libsavsvc.so Android 15

References

https://security.samsungmobile.com/serviceWeb.smsb?year=2...

CVSS V3.1

Score:

5.5

Severity:

MEDIUM

Confidentiality:

None

Integrity:

None

Availability:

None

Attack Vector:

Local

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Jul 8, 2025
Vulnerability Reserved
Nov 6, 2024