Vulnerabilities in Samsung Mobile

1,316 results
Vexday analysis

Samsung Mobile has accumulated 1,316 catalogued CVEs, 13 of them confirmed as actively exploited by the CISA KEV, a rate 2.2 times above the overall catalog average, which indicates relevant operational exposure and calls for priority attention in patch management. The most recurrent flaw type is CWE-20 (improper input validation), suggesting systematic weaknesses in the handling of external data that tend to create broad attack surfaces. The most dangerous CVE under active exploitation at the moment is CVE-2025-21042, with an EPSS score of 0.1161, while 34 new vulnerabilities appeared in the last 90 days, signalling a continuous pace of discovery that demands frequent monitoring. With only 3 CVEs accompanied by a public PoC and a maximum observed EPSS of 0.1289, the risk of immediate mass exploitation is moderate, but the combination of confirmed active flaws and a growing volume of new entries justifies short firmware update cycles in corporate environments.

CVE | Severity | Description | EPSS
CVE-2025-21034 | MEDIUM | Out-of-bounds write in libsavsvc.so prior to SMR Sep-2025 Release 1 allows local attackers to potentially execute arbitrary code. | EPSS 0.1%
CVE-2025-20957 | HIGH | Improper access control in SmartManagerCN prior to SMR May-2025 Release 1 allows local attackers to launch arbitrary activities with SmartMa | EPSS 0.1%
CVE-2025-58487 | MEDIUM | Improper authorization in Samsung Account prior to version 15.5.01.1 allows local attacker to launch arbitrary activity with Samsung Account | EPSS 0.1%
CVE-2025-20981 | MEDIUM | Improper access control in AudioService prior to SMR Jun-2025 Release 1 allows local attackers to access sensitive information. | EPSS 0.1%
CVE-2023-21490 | MEDIUM | Improper access control in GearManagerStub prior to SMR May-2023 Release 1 allows a local attacker to delete applications installed by watch | EPSS 0.1%
CVE-2025-21058 | HIGH | Improper access control in Routines prior to version 4.8.7.1 in Android 15 and 4.9.6.0 in Android 16 allows local attackers to potentially e | EPSS 0.1%
CVE-2025-20911 | MEDIUM | Improper access control in sem_wifi service prior to SMR Mar-2025 Release 1 allows privileged local attackers to update MAC address of Galax | EPSS 0.1%
CVE-2021-25482 | MEDIUM | SQL injection vulnerabilities in CMFA framework prior to SMR Oct-2021 Release 1 allow untrusted application to overwrite some CMFA framework | EPSS 0.1%
CVE-2022-39900 | MEDIUM | Improper access control vulnerability in Nice Catch prior to SMR Dec-2022 Release 1 allows physical attackers to access contents of all toas | EPSS 0.1%
CVE-2024-34646 | MEDIUM | Improper access control in DualDarManagerProxy prior to SMR Sep-2024 Release 1 allows local attackers to cause local permanent denial of ser | EPSS 0.1%
CVE-2025-20885 | MEDIUM | Out-of-bounds write in softsim trustlet prior to SMR Jan-2025 Release 1 allows local privileged attackers to cause memory corruption. | EPSS 0.1%
CVE-2025-20983 | MEDIUM | Out-of-bounds write in checking auth secret in KnoxVault trustlet prior to SMR Jul-2025 Release 1 allows local privileged attackers to write | EPSS 0.1%
CVE-2026-20971 | HIGH | Use After Free in PROCA driver prior to SMR Jan-2026 Release 1 allows local attackers to potentially execute arbitrary code. | EPSS 0.1%
CVE-2025-20982 | MEDIUM | Out-of-bounds write in setting auth secret in KnoxVault trustlet prior to SMR Jul-2025 Release 1 allows local privileged attackers to write | EPSS 0.1%
CVE-2025-20896 | MEDIUM | Use of implicit intent for sensitive communication in EasySetup prior to version 11.1.18 allows local attackers to access sensitive informat | EPSS 0.1%
CVE-2025-20951 | MEDIUM | Improper verification of intent by broadcast receiver vulnerability in Galaxy Store prior to version 4.5.90.7 allows local attackers to writ | EPSS 0.1%
CVE-2021-25334 | MEDIUM | Improper input check in wallpaper service in Samsung mobile devices prior to SMR Feb-2021 Release 1 allows untrusted application to cause pe | EPSS 0.1%
CVE-2025-20993 | MEDIUM | Out-of-bounds write in libsecimaging.camera.samsung.so prior to SMR Jun-2025 Release 1 allows local attackers to write out-of-bounds memory. | EPSS 0.1%
CVE-2021-25469 | MEDIUM | A possible stack-based buffer overflow vulnerability in Widevine trustlet prior to SMR Oct-2021 Release 1 allows arbitrary code execution. | EPSS 0.1%
CVE-2024-34611 | MEDIUM | Improper access control in KnoxService prior to SMR Aug-2024 Release 1 allows local attackers to get sensitive information. | EPSS 0.1%