Improper Access Control in WindowManager Affects Samsung DeX
CVE-2025-21046

2.4LOW

Key Information:

Vendor: Samsung
Status: Samsung Devices
Vendor: CVE Published:; 10 October 2025

What is CVE-2025-21046?

A vulnerability in the WindowManager component of Samsung DeX allows unauthorized physical access to the recent app list for devices before the SMR Oct-2025 Release 1. This flaw enables potential attackers to view and interact with recently used applications, raising concerns about the confidentiality of user data. Immediate updates are recommended to mitigate associated risks.

Affected Version(s)

Samsung Mobile Devices SMR Oct-2025 Release in Android 13, 14, 15

References

https://security.samsungmobile.com/securityUpdate.smsb?ye...

CVSS V3.1

Score:

2.4

Severity:

LOW

Confidentiality:

Low

Integrity:

None

Availability:

Low

Attack Vector:

Physical

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Oct 10, 2025
Vulnerability Reserved
Nov 6, 2024

JSON