Vulnerabilities in Samsung Mobile

1,316 results
Vexday analysis

Samsung Mobile has 1,316 catalogued CVEs, 13 of them confirmed as actively exploited by CISA KEV, a rate 2.2 times above the catalogue's overall average, which indicates relevant operational exposure and calls for priority attention in patch management. The most recurrent flaw type is CWE-20 (improper input validation), suggesting systematic weaknesses in the handling of external data that tend to produce broad attack surfaces. The most dangerous CVE under active exploitation at the moment is CVE-2025-21042, with an EPSS score of 0.1161, while 34 new vulnerabilities appeared in the last 90 days, signalling a continuous pace of discovery that demands frequent monitoring. With only 3 CVEs accompanied by a public PoC and a maximum observed EPSS of 0.1289, the risk of immediate mass exploitation is moderate, but the combination of confirmed active flaws and a growing volume of new entries justifies short firmware update cycles in corporate environments.

CVE-2021-25467 MEDIUM
Assuming system privilege is gained, possible buffer overflow vulnerabilities in the Vision DSP kernel driver prior to SMR Oct-2021 Release
EPSS 0.1%

CVE-2025-21059 MEDIUM
Improper authorization in Samsung Health prior to version 6.30.5.105 allows local attackers to access data in Samsung Health.
EPSS 0.1%

CVE-2022-33725 MEDIUM
A vulnerability using PendingIntent in Knox VPN prior to SMR Aug-2022 Release 1 allows attackers to access content providers with system pri
EPSS 0.1%

CVE-2026-21037 MEDIUM
Improper input validation in Samsung Members prior to version 5.8.01.5 allows local attackers to access arbitrary URL and launch arbitrary a
EPSS 0.1%

CVE-2025-21002 MEDIUM
Improper access control in LeAudioService prior to SMR Jul-2025 Release 1 allows local attackers to manipulate broadcasting Auracast.
EPSS 0.1%

CVE-2021-25357 MEDIUM
A pendingIntent hijacking vulnerability in Create Movie prior to SMR APR-2021 Release 1 in Android O(8.x) and P(9.0), 3.4.81.1 in Android Q(
EPSS 0.1%

CVE-2021-25412
An improper access control vulnerability in genericssoservice prior to SMR JUN-2021 Release 1 allows local attackers to execute protected ac
EPSS 0.1%

CVE-2025-21033 MEDIUM
Improper access control in ContactProvider prior to SMR Sep-2025 Release 1 allows local attackers to access sensitive information.
EPSS 0.1%

CVE-2021-25468 MEDIUM
A possible guessing and confirming a byte memory vulnerability in Widevine trustlet prior to SMR Oct-2021 Release 1 allows attackers to read
EPSS 0.1%

CVE-2021-25359 MEDIUM
An improper SELinux policy prior to SMR APR-2021 Release 1 allows local attackers to access AP information without proper permissions via un
EPSS 0.1%

CVE-2025-21022 LOW
Improper access control in Galaxy Wearable prior to version 2.2.63.25042861 allows local attackers to access sensitive information.
EPSS 0.1%

CVE-2022-25821 LOW
Improper use of SMS buffer pointer in Shannon baseband prior to SMR Mar-2022 Release 1 allows OOB read.
EPSS 0.1%

CVE-2024-20833 MEDIUM
Use after free vulnerability in pub_crypto_recv_msg prior to SMR Mar-2024 Release 1 due to race condition allows local attackers with system
EPSS 0.1%

CVE-2021-25363 MEDIUM
An improper access control in ActivityManagerService prior to SMR APR-2021 Release 1 allows untrusted applications to access running process
EPSS 0.1%

CVE-2022-39882 HIGH
Heap overflow vulnerability in sflacf_fal_bytes_peek function in libsmat.so library prior to SMR Nov-2022 Release 1 allows local attacker to
EPSS 0.1%

CVE-2021-25358 MEDIUM
A vulnerability that stores IMSI values in an improper path prior to SMR APR-2021 Release 1 allows local attackers to access IMSI values wit
EPSS 0.1%

CVE-2023-30673 MEDIUM
Improper validation of integrity check vulnerability in Smart Switch PC prior to version 4.3.23052_1 allows local attackers to delete arbitr
EPSS 0.1%

CVE-2021-25488 MEDIUM
Lack of boundary checking of a buffer in recv_data() of modem interface driver prior to SMR Oct-2021 Release 1 allows OOB read.
EPSS 0.1%

CVE-2022-25816 MEDIUM
Improper authentication in Samsung Lock and mask apps setting prior to SMR Mar-2022 Release 1 allows attacker to change enable/disable witho
EPSS 0.1%

CVE-2022-25833 LOW
Improper authentication in ImsService prior to SMR Apr-2022 Release 1 allows attackers to get IMSI without READ_PRIVILEGED_PHONE_STATE permi
EPSS 0.1%