Vulnerabilities in Samsung Mobile

1,316 results
Vexday analysis

Samsung Mobile has 1,316 catalogued CVEs, 13 of which are confirmed as actively exploited in the CISA KEV catalog, a rate 2.2 times the overall catalog average. That indicates significant operational exposure and calls for priority attention in patch management. The most frequent weakness type is CWE-20 (improper input validation), suggesting systematic weaknesses in the handling of external data that tend to produce broad attack surfaces. The most dangerous CVE currently under active exploitation is CVE-2025-21042, with an EPSS score of 0.1161, while 34 new vulnerabilities have appeared in the last 90 days, signalling a continuous discovery rate that demands frequent monitoring. With only 3 CVEs accompanied by a public PoC and a maximum observed EPSS of 0.1289, the risk of immediate mass exploitation is moderate (EPSS estimates the probability of exploitation activity in the next 30 days, so a KEV listing should take precedence over a low EPSS score when prioritizing), but the combination of confirmed active exploitation and a growing volume of new entries justifies short firmware update cycles in corporate environments.

CVE | Severity | Summary (as shown on the page; … marks a summary cut off on the page) | EPSS
CVE-2021-25503 | MEDIUM | Improper input validation vulnerability in HDCP prior to SMR Nov-2021 Release 1 allows attackers to arbitrary code execution. | EPSS 0.1%
CVE-2025-21070 | MEDIUM | Out-of-bounds write in the SPI decoder in Samsung Notes prior to version 4.4.30.63 allows local attackers to write out-of-bounds memory. | EPSS 0.1%
CVE-2021-25335 | LOW | Improper lockscreen status check in cocktailbar service in Samsung mobile devices prior to SMR Mar-2021 Release 1 allows unauthenticated use… | EPSS 0.1%
CVE-2025-21023 | LOW | Improper access control in WcsExtension for Galaxy Watch prior to Android Watch 16 allows local attackers to access sensitive information. | EPSS 0.1%
CVE-2024-34598 | HIGH | Improper export of component in GoodLock prior to version 2.2.04.95 allows local attackers to install arbitrary applications from Galaxy Sto… | EPSS 0.1%
CVE-2021-25365 | MEDIUM | An improper exception control in softsimd prior to SMR APR-2021 Release 1 allows unprivileged applications to access the API in softsimd. | EPSS 0.1%
CVE-2021-25518 | MEDIUM | An improper boundary check in secure_log of LDFW and BL31 prior to SMR Dec-2021 Release 1 allows arbitrary memory write and code execution. | EPSS 0.1%
CVE-2021-25510 | MEDIUM | An improper validation vulnerability in FilterProvider prior to SMR Dec-2021 Release 1 allows local arbitrary code execution. | EPSS 0.1%
CVE-2026-21038 | MEDIUM | Improper input validation in Samsung Android USB Driver for Windows prior to version 1.9.5.0 allows local attacker to access out-of-bounds m… | EPSS 0.1%
CVE-2025-20960 | MEDIUM | Improper handling of insufficient permission in CocktailBarService prior to SMR May-2025 Release 1 allows local attackers to use the privile… | EPSS 0.1%
CVE-2025-21076 | MEDIUM | Improper handling of insufficient permissions or privileges in Samsung Account prior to version 15.5.00.18 allows local attackers to access… | EPSS 0.1%
CVE-2026-20989 | MEDIUM | Improper verification of cryptographic signature in Font Settings prior to SMR Mar-2026 Release 1 allows physical attackers to use custom fo… | EPSS 0.1%
CVE-2025-21054 | MEDIUM | Out-of-bounds read in the parsing header for JPEG decoding in libpadm.so prior to SMR Oct-2025 Release 1 allows local attackers to potential… | EPSS 0.1%
CVE-2022-22271 | MEDIUM | A missing input validation before memory copy in TIMA trustlet prior to SMR Jan-2022 Release 1 allows attackers to copy data from arbitrary… | EPSS 0.1%
CVE-2025-21025 | MEDIUM | Improper access control in MARsExemptionManager prior to SMR Sep-2025 Release 1 allows local attackers to be excluded from background execut… | EPSS 0.1%
CVE-2022-30724 | MEDIUM | Broadcasting Intent including the BluetoothDevice object without proper restriction of receivers in sendIntentSessionCompleted function of B… | EPSS 0.1%
CVE-2025-20958 | MEDIUM | Improper verification of intent by broadcast receiver in UnifiedWFC prior to SMR May-2025 Release 1 allows local attackers to manipulate VoW… | EPSS 0.1%
CVE-2025-21012 | MEDIUM | Improper access control in fall detection for Galaxy Watch prior to SMR Aug-2025 Release 1 allows local attackers to modify fall detection c… | EPSS 0.1%
CVE-2022-30723 | MEDIUM | Broadcasting Intent including the BluetoothDevice object without proper restriction of receivers in activateVoiceRecognitionWithDevice funct… | EPSS 0.1%
CVE-2022-30725 | MEDIUM | Broadcasting Intent including the BluetoothDevice object without proper restriction of receivers in sendIntentSessionError function of Bluet… | EPSS 0.1%
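A small triage helper, added here as an example and not part of the Vexday page or its tooling. It parses the listing format above (CVE id, severity label, summary, then "EPSS n%", either run together as extracted or separated by " | ") into records and orders them the way the analysis suggests: CISA KEV entries first, then by EPSS, then by severity label. The three listing entries embedded in it are copied from this page. CVE-2025-21042 is the KEV entry the analysis names; it is added as a record with the EPSS of 0.1161 stated in the analysis, but its severity label and summary are not shown on the page, so those two fields are placeholders. The KEV set is assumed from the analysis text rather than fetched from CISA.

```python
"""Parse the Vexday CVE listing and rank entries for patch triage:
CISA KEV membership first, then EPSS, then the severity label.
Added example; not code from the Vexday page or project."""
from __future__ import annotations

import re
from dataclasses import dataclass

# Fields may be separated by " | " (delimited form) or by nothing at all
# (the run-together form the page extracts to), so the separator is optional.
SEP = r"\s*\|?\s*"
ENTRY_RE = re.compile(
    r"(CVE-\d{4}-\d{4,7})" + SEP
    + r"(CRITICAL|HIGH|MEDIUM|LOW)" + SEP
    + r"(.*?)" + SEP                      # summary, possibly cut off by the page
    + r"EPSS\s*([\d.]+)%",                # "EPSS" may be split from the value by a newline
    re.DOTALL,
)

SEVERITY_RANK = {"CRITICAL": 4, "HIGH": 3, "MEDIUM": 2, "LOW": 1, "UNKNOWN": 0}


@dataclass(frozen=True)
class Entry:
    cve: str
    severity: str
    summary: str
    epss: float  # probability in [0, 1]; the page shows it as a percentage


def parse_listing(text: str) -> list[Entry]:
    """Split the listing into records; "0.1%" on the page becomes 0.001."""
    return [
        Entry(cve, sev, summary.strip(), float(pct) / 100.0)
        for cve, sev, summary, pct in ENTRY_RE.findall(text)
    ]


def prioritize(entries, kev) -> list[Entry]:
    """Patch order: confirmed-exploited (KEV) first, then descending EPSS,
    then severity label, then CVE id so the order is stable."""
    return sorted(
        entries,
        key=lambda e: (e.cve not in kev, -e.epss, -SEVERITY_RANK.get(e.severity, 0), e.cve),
    )


# Three entries copied from the page's listing (raw, run-together form); the
# last one keeps the line break that extraction put between "EPSS" and "0.1%".
SAMPLE_LISTING = (
    "CVE-2024-34598HIGHImproper export of component in GoodLock prior to version "
    "2.2.04.95 allows local attackers to install arbitrary applications from Galaxy StoEPSS 0.1%"
    "CVE-2021-25335LOWImproper lockscreen status check in cocktailbar service in Samsung "
    "mobile devices prior to SMR Mar-2021 Release 1 allows unauthenticated useEPSS 0.1%"
    "CVE-2026-20989MEDIUMImproper verification of cryptographic signature in Font Settings "
    "prior to SMR Mar-2026 Release 1 allows physical attackers to use custom foEPSS \n0.1%"
)

# The analysis names CVE-2025-21042 as the KEV-listed entry with EPSS 0.1161 but
# its listing line is not on the page, so severity and summary are placeholders.
KEV_ENTRY = Entry("CVE-2025-21042", "UNKNOWN", "summary not shown on the page", 0.1161)
KEV = frozenset({"CVE-2025-21042"})  # assumed from the analysis text, not fetched


def triage(listing: str = SAMPLE_LISTING, kev=KEV) -> list[str]:
    """CVE ids in patch order for the sample data."""
    return [e.cve for e in prioritize(parse_listing(listing) + [KEV_ENTRY], kev)]


if __name__ == "__main__":
    for e in prioritize(parse_listing(SAMPLE_LISTING) + [KEV_ENTRY], KEV):
        flag = "KEV" if e.cve in KEV else "   "
        print(f"{flag} {e.cve:<16} {e.severity:<8} EPSS={e.epss:.4f}  {e.summary[:60]}")
```

The sort key puts KEV membership before EPSS on purpose: every listed entry here carries the same rounded 0.1% EPSS, so EPSS alone cannot separate them, and a confirmed-exploited CVE with a modest EPSS still outranks an unexploited one with a higher score.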