CVE-2025-21007

Out-of-bounds write in accessing uninitialized memory in libsavsvc.so prior to Android 15 allows local attackers to cause memory corruption.

CVSS v3 5.5 MEDIUM

5.5^/10

CVSS v3 : MEDIUM

V3 Legend

Vector :

Exploitability : 1.8 / Impact : 3.6

Attack Vector LOCAL

Attack Complexity LOW

Privileges Required LOW

User Interaction NONE

Confidentiality Impact NONE

Integrity Impact NONE

Availability Impact HIGH

Scope UNCHANGED

References

Link	Resource
https://security.samsungmobile.com/serviceWeb.smsb?year=2025&month=07	Vendor Advisory

Configurations

Configuration 1 (hide)

cpe:2.3:o:samsung:android:*:-:*:*:*:*:*:*

History

15 Jul 2025, 14:21

Type	Values Removed	Values Added
References	~~() https://security.samsungmobile.com/serviceWeb.smsb?year=2025&month=07 -~~	() https://security.samsungmobile.com/serviceWeb.smsb?year=2025&month=07 - Vendor Advisory
CPE		cpe:2.3:o:samsung:android::-::::::*
CWE		CWE-787
First Time		Samsung Samsung android

08 Jul 2025, 16:18

Type	Values Removed	Values Added
Summary		(es) La escritura fuera de los límites al acceder a la memoria no inicializada en libsavsvc.so antes de Android 15 permite que atacantes locales provoquen daños en la memoria.

08 Jul 2025, 11:15

Type	Values Removed	Values Added
New CVE

Information

Published : 2025-07-08 11:15

Updated : 2025-07-15 14:21

NVD link : CVE-2025-21007

Mitre link : CVE-2025-21007

CVE.ORG link : CVE-2025-21007

JSON object : View

Products Affected

samsung

android

CWE

CWE-787

Out-of-bounds Write

5.5 /10