← back
CVE-2021-25507

CVE-2021-25507

CVSS 5.7 MEDIUMEPSS 0.3%CWE-285
Vexday Risk Score
13Low
SSVC decision (CISA)
Track
No exploitation signal → monitor
CVSS 5.7EPSS 0.3%KEV nãoPoC Nuclei Metasploit Patch
Lifecycle
05 Nov 2021Published on NVD
Recommendation: Monitor — no exploitation signal at the moment.
Improper authorization vulnerability in Samsung Flow mobile application prior to 4.8.03.5 allows Samsung Flow PC application connected with user device to access part of notification data in Secure Folder without authorization.
CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
Affected products
Samsung Mobile · Samsung Flow

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →
References
https://security.samsungmobile.com/serviceWeb.smsb?year=2021&month=11