Vulnerabilities in Samsung Mobile

1,316 results
Vexday analysis

Samsung Mobile has 1,316 catalogued CVEs, 13 of which are confirmed as actively exploited in the CISA KEV, a rate 2.2 times above the catalogue-wide average, which indicates relevant operational exposure and calls for priority attention in patch management. The most recurrent weakness type is CWE-20 (improper input validation), suggesting systematic weaknesses in the handling of external data that tend to produce broad attack surfaces. The most dangerous CVE currently under active exploitation is CVE-2025-21042, with an EPSS score of 0.1161, while 34 new vulnerabilities have appeared in the last 90 days, signalling a continuous pace of discovery that demands frequent monitoring. With only 3 CVEs accompanied by a public PoC and a maximum observed EPSS of 0.1289, the risk of immediate mass exploitation is moderate, but the combination of confirmed active flaws and a growing volume of new entries justifies short firmware update cycles in corporate environments.

CVE-2021-25513 (LOW, EPSS 0.1%): An improper privilege management vulnerability in Apps Edge application prior to SMR Dec-2021 Release 1 allows unauthorized access to some d
CVE-2024-20892 (MEDIUM, EPSS 0.1%): Improper verification of signature in FilterProvider prior to SMR Jul-2024 Release 1 allows local attackers to execute privileged behaviors.
CVE-2026-21023 (MEDIUM, EPSS 0.1%): Insufficient verification of data authenticity in PackageManagerService prior to SMR Mar-2026 Release 1 allows local attackers to modify the
CVE-2021-25362 (MEDIUM, EPSS 0.1%): An improper permission management in CertInstaller prior to SMR APR-2021 Release 1 allows untrusted applications to delete certain local fil
CVE-2021-25409 (EPSS 0.1%): Improper access in Notification setting prior to SMR JUN-2021 Release 1 allows physically proximate attackers to set arbitrary notification
CVE-2021-25443 (EPSS 0.1%): A use after free vulnerability in conn_gadget driver prior to SMR AUG-2021 Release 1 allows malicious action by an attacker.
CVE-2022-25819 (MEDIUM, EPSS 0.1%): OOB read vulnerability in hdcp2 device node prior to SMR Mar-2022 Release 1 allow an attacker to view Kernel stack memory.
CVE-2026-21010 (MEDIUM, EPSS 0.1%): Improper input validation in Retail Mode prior to SMR Apr-2026 Release 1 allows local attackers to trigger privileged functions.
CVE-2023-21474 (MEDIUM, EPSS 0.1%): Intent redirection vulnerability in SecSettings prior to SMR Apr-2022 Release 1 allows attackers to access arbitrary file with system privil
CVE-2022-27833 (MEDIUM, EPSS 0.1%): Improper input validation in DSP driver prior to SMR Apr-2022 Release 1 allows out-of-bounds write by integer overflow.
CVE-2025-20985 (MEDIUM, EPSS 0.1%): Improper privilege management in ThemeManager prior to SMR Jun-2025 Release 1 allows local privileged attackers to reuse trial items.
CVE-2022-22291 (MEDIUM, EPSS 0.1%): Logging of excessive data vulnerability in telephony prior to SMR Feb-2022 Release 1 allows privileged attackers to get Cell Location Inform
CVE-2021-25484 (MEDIUM, EPSS 0.1%): Improper authentication in InputManagerService prior to SMR Oct-2021 Release 1 allows monitoring the touch event.
CVE-2022-36850 (MEDIUM, EPSS 0.1%): Path traversal vulnerability in CallBGProvider prior to SMR Sep-2022 Release 1 allows attacker to overwrite arbitrary file with phone uid.
CVE-2021-25382 (MEDIUM, EPSS 0.1%): An improper authorization of using debugging command in Secure Folder prior to SMR Oct-2020 Release 1 allows unauthorized access to contents
CVE-2021-25512 (MEDIUM, EPSS 0.1%): An improper validation vulnerability in telephony prior to SMR Dec-2021 Release 1 allows attackers to launch certain activities.
CVE-2022-24932 (MEDIUM, EPSS 0.1%): Improper Protection of Alternate Path vulnerability in Setup wizard process prior to SMR Mar-2022 Release 1 allows physical attacker package
CVE-2021-25411 (EPSS 0.1%): Improper address validation vulnerability in RKP api prior to SMR JUN-2021 Release 1 allows root privileged local attackers to write read-on
CVE-2021-25453 (MEDIUM, EPSS 0.1%): Some improper access control in Bluetooth APIs prior to SMR Sep-2021 Release 1 allows untrusted application to get Bluetooth information.
CVE-2022-39904 (LOW, EPSS 0.1%): Exposure of Sensitive Information vulnerability in Samsung Settings prior to SMR Dec-2022 Release 1 allows local attackers to access the Net