Vulnerabilities in Samsung Mobile

1,316 results
Vexday analysis

Samsung Mobile has accumulated 1,316 catalogued CVEs, 13 of them confirmed as actively exploited in the CISA KEV catalog, a rate 2.2 times the overall catalogue average, which indicates relevant operational exposure and calls for priority attention in patch management. The most recurrent weakness type is CWE-20 (improper input validation), suggesting systematic weaknesses in the handling of external data that tend to create broad attack surfaces. The most dangerous CVE currently under active exploitation is CVE-2025-21042, with an EPSS score of 0.1161, while 34 new vulnerabilities have appeared in the last 90 days, signalling a continuous pace of discovery that demands frequent monitoring. With only 3 CVEs accompanied by a public PoC and a maximum observed EPSS of 0.1289, the risk of immediate mass exploitation is moderate, but the combination of confirmed active flaws and a growing volume of new entries justifies short firmware update cycles in corporate environments.

CVE-2022-30731 | MEDIUM | Improper access control vulnerability in My Files prior to version 13.1.00.193 allows attackers to access arbitrary private files in My File | EPSS 0.2%
CVE-2022-36837 | MEDIUM | Intent redirection vulnerability using implicit intent in Samsung email prior to version 6.1.70.20 allows attacker to get sensitive informat | EPSS 0.2%
CVE-2021-25506 | MEDIUM | Non-existent provider in Samsung Health prior to 6.19.1.0001 allows attacker to access it via malicious content provider or lead to denial o | EPSS 0.2%
CVE-2022-36853 | LOW | Intent redirection in Photo Editor prior to SMR Sep-2022 Release 1 allows attacker to get sensitive information. | EPSS 0.2%
CVE-2023-30692 | HIGH | Improper input validation vulnerability in Evaluator prior to SMR Oct-2023 Release 1 allows local attackers to launch privileged activities. | EPSS 0.2%
CVE-2023-21465 | MEDIUM | Improper access control vulnerability in BixbyTouch prior to version 3.2.02.5 in China models allows untrusted applications access local fil | EPSS 0.2%
CVE-2023-30728 | MEDIUM | Intent redirection vulnerability in PackageInstallerCHN prior to version 13.1.03.00 allows local attacker to access arbitrary file. This vul | EPSS 0.2%
CVE-2024-20812 | HIGH | Out-of-bounds Write in padmd_vld_htbl of libpadm.so prior to SMR Feb-2024 Release 1 allows local attacker to execute arbitrary code. | EPSS 0.2%
CVE-2022-30715 | MEDIUM | Improper access control vulnerability in DofViewer prior to SMR Jun-2022 Release 1 allows attackers to control floating system alert window. | EPSS 0.2%
CVE-2021-25455 | LOW | OOB read vulnerability in libsaviextractor.so library prior to SMR Sep-2021 Release 1 allows attackers to access arbitrary address through p | EPSS 0.2%
CVE-2024-34682 | LOW | Improper authorization in Settings prior to SMR Nov-2024 Release 1 allows physical attackers to access stored WiFi password in Maintenance M | EPSS 0.2%
CVE-2025-21078 | HIGH | Use of insufficiently random value of secretKey in Smart Switch prior to version 3.7.68.6 allows adjacent attackers to access backup data fr | EPSS 0.2%
CVE-2023-21445 | MEDIUM | Improper access control vulnerability in MyFiles prior to versions 12.2.09 in Android R(11), 13.1.03.501 in Android S(12) and 14.1.00.422 in | EPSS 0.2%
CVE-2025-20973 | MEDIUM | Improper authentication in Secure Folder prior to version 1.8.12.0 in Android 13, and 1.9.21.00 in Android 14 allows physical attackers to r | EPSS 0.2%
CVE-2024-20849 | HIGH | Out-of-bound Write vulnerability in chunk parsing implementation of libsdffextractor prior to SMR Apr-2023 Release 1 allows local attackers | EPSS 0.2%
CVE-2023-42544 | MEDIUM | Improper access control vulnerability in Quick Share prior to 13.5.52.0 allows local attacker to access local files. | EPSS 0.2%
CVE-2022-36832 | MEDIUM | Improper access control vulnerability in WebApp in Cameralyzer prior to versions 3.2.22, 3.3.22, 3.4.22 and 3.5.51 allows attackers to acces | EPSS 0.2%
CVE-2022-39860 | MEDIUM | Improper access control vulnerability in QuickShare prior to version 13.2.3.5 allows attackers to access sensitive information via implicit | EPSS 0.2%
CVE-2023-30651 | MEDIUM | Out of bounds read and write in callgetTspsysfs of sysinput HAL service prior to SMR Jul-2023 Release 1 allows local attackers to execute ar | EPSS 0.2%
CVE-2026-21004 | MEDIUM | Improper authentication in Smart Switch prior to version 3.7.69.15 allows adjacent attackers to trigger a denial of service. | EPSS 0.2%