Vulnerabilities in Samsung Mobile

1,316 results
Vexday analysis

Samsung Mobile has 1,316 catalogued CVEs, 13 of which are confirmed as actively exploited by CISA KEV, a rate 2.2 times above the overall catalogue average, which indicates relevant operational exposure and calls for priority attention in patch management. The most recurrent flaw type is CWE-20 (improper input validation), suggesting systematic weaknesses in the handling of external data that tend to produce broad attack surfaces. The most dangerous CVE under active exploitation at the moment is CVE-2025-21042, with an EPSS score of 0.1161, while 34 new vulnerabilities have appeared in the last 90 days, signalling a continuous pace of discovery that demands frequent monitoring. With only 3 CVEs accompanied by a public PoC and a maximum observed EPSS of 0.1289, the risk of immediate mass exploitation is moderate, but the combination of confirmed active flaws and a growing volume of new entries justifies short firmware update cycles in corporate environments.

CVE-2022-25831 | LOW | Improper access control vulnerability in S Secure prior to SMR Apr-2022 Release 1 allows physical attackers to access secured data in certai | EPSS 0.1%
CVE-2022-28783 | MEDIUM | Improper validation of removing package name in Galaxy Themes prior to SMR May-2022 Release 1 allows attackers to uninstall arbitrary packag | EPSS 0.1%
CVE-2022-33715 | MEDIUM | Improper access control and path traversal vulnerability in LauncherProvider prior to SMR Aug-2022 Release 1 allow local attacker to access | EPSS 0.1%
CVE-2022-24929 | MEDIUM | Unprotected Activity in AppLock prior to SMR Mar-2022 Release 1 allows attacker to change the list of locked app without authentication. | EPSS 0.1%
CVE-2021-25515 | MEDIUM | An improper usage of implicit intent in SemRewardManager prior to SMR Dec-2021 Release 1 allows attackers to access BSSID. | EPSS 0.1%
CVE-2025-21077 | LOW | Improper input validation in Samsung Email prior to version 6.2.06.0 allows local attackers to launch arbitrary activity with Samsung Email | EPSS 0.1%
CVE-2022-24001 | LOW | Information disclosure vulnerability in Edge Panel prior to Android S(12) allows physical attackers to access screenshot in clipboard via Ed | EPSS 0.1%
CVE-2022-39899 | MEDIUM | Improper authentication vulnerability in Samsung WindowManagerService prior to SMR Dec-2022 Release 1 allows attacker to send the input even | EPSS 0.1%
CVE-2022-25815 | MEDIUM | PendingIntent hijacking vulnerability in Weather application prior to SMR Mar-2022 Release 1 allows local attackers to perform unauthorized | EPSS 0.1%
CVE-2022-33700 | LOW | Exposure of Sensitive Information in putDsaSimImsi in TelephonyUI prior to SMR Jul-2022 Release 1 allows local attacker to access imsi via l | EPSS 0.1%
CVE-2022-33693 | LOW | Exposure of Sensitive Information in CID Manager prior to SMR Jul-2022 Release 1 allows local attacker to access iccid via log. | EPSS 0.1%
CVE-2022-25814 | MEDIUM | PendingIntent hijacking vulnerability in Wearable Manager Installer prior to SMR Mar-2022 Release 1 allows local attackers to perform unauth | EPSS 0.1%
CVE-2021-25457 | MEDIUM | An improper input validation vulnerability in DSP driver prior to SMR Sep-2021 Release 1 allows local attackers to get a limited kernel memo | EPSS 0.1%
CVE-2021-25476 | MEDIUM | An information disclosure vulnerability in Widevine TA log prior to SMR Oct-2021 Release 1 allows attackers to bypass the ASLR protection me | EPSS 0.1%
CVE-2022-33699 | LOW | Exposure of Sensitive Information in getDsaSimImsi in TelephonyUI prior to SMR Jul-2022 Release 1 allows local attacker to access imsi via l | EPSS 0.1%
CVE-2022-30758 | MEDIUM | Implicit Intent hijacking vulnerability in Finder prior to SMR Jul-2022 Release 1 allow allows attackers to access some protected informatio | EPSS 0.1%
CVE-2022-33692 | MEDIUM | Exposure of Sensitive Information in Messaging application prior to SMR Jul-2022 Release 1 allows local attacker to access imsi and iccid vi | EPSS 0.1%
CVE-2022-33695 | MEDIUM | Use of improper permission in InputManagerService prior to SMR Jul-2022 Release 1 allows unauthorized access to the service. | EPSS 0.1%
CVE-2022-33687 | LOW | Exposure of Sensitive Information in telephony-common.jar prior to SMR Jul-2022 Release 1 allows local attackers to access IMSI via log. | EPSS 0.1%
CVE-2022-33688 | LOW | Sensitive information exposure vulnerability in EventType in SecTelephonyProvider prior to SMR Jul-2022 Release 1 allows local attackers wit | EPSS 0.1%