Improper Access Control in Samsung Notes Affects User Data
CVE-2025-21037

4.1MEDIUM

Key Information:

Vendor: Samsung
Status: Samsungnotes
Vendor: CVE Published:; 3 September 2025

What is CVE-2025-21037?

The identified vulnerability in Samsung Notes allows unauthorized access to user data across multiple profiles due to improper access control mechanisms. This issue requires user interaction to be exploited, posing a risk to confidentiality when physical attackers target devices. Users must ensure their applications are updated to version 4.4.30.63 or later to mitigate this risk. For further details, please refer to the official Samsung security advisory.

Affected Version(s)

SamsungNotes 4.4.30.63

References

https://security.samsungmobile.com/serviceWeb.smsb?year=2...

CVSS V3.1

Score:

4.1

Severity:

MEDIUM

Confidentiality:

High

Integrity:

None

Availability:

High

Attack Vector:

Physical

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

Required

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Sep 3, 2025
Vulnerability Reserved
Nov 6, 2024