Improper access control in SecSettings prior to SMR Oct-2025 Release 1 allows local attackers to access sensitive information. User interaction is required for triggering this vulnerability.
References
| Link | Resource |
|---|---|
| https://security.samsungmobile.com/securityUpdate.smsb?year=2025&month=10 | Vendor Advisory |
Configurations
Configuration 1 (hide)
|
History
23 Oct 2025, 12:42
| Type | Values Removed | Values Added |
|---|---|---|
| CPE | cpe:2.3:o:samsung:android:16.0:smr-sep-2025-r1:*:*:*:*:*:* cpe:2.3:o:samsung:android:16.0:-:*:*:*:*:*:* cpe:2.3:o:samsung:android:15.0:smr-sep-2025-r1:*:*:*:*:*:* cpe:2.3:o:samsung:android:15.0:smr-apr-2025-r1:*:*:*:*:*:* cpe:2.3:o:samsung:android:15.0:smr-may-2025-r1:*:*:*:*:*:* cpe:2.3:o:samsung:android:15.0:-:*:*:*:*:*:* cpe:2.3:o:samsung:android:15.0:smr-mar-2025-r1:*:*:*:*:*:* cpe:2.3:o:samsung:android:15.0:smr-jul-2025-r1:*:*:*:*:*:* cpe:2.3:o:samsung:android:15.0:smr-aug-2025-r1:*:*:*:*:*:* cpe:2.3:o:samsung:android:16.0:smr-aug-2025-r1:*:*:*:*:*:* cpe:2.3:o:samsung:android:15.0:smr-jun-2025-r1:*:*:*:*:*:* |
|
| CWE | NVD-CWE-noinfo | |
| References | () https://security.samsungmobile.com/securityUpdate.smsb?year=2025&month=10 - Vendor Advisory | |
| First Time |
Samsung android
Samsung |
10 Oct 2025, 07:15
| Type | Values Removed | Values Added |
|---|---|---|
| New CVE |
Information
Published : 2025-10-10 07:15
Updated : 2025-10-23 12:42
NVD link : CVE-2025-21049
Mitre link : CVE-2025-21049
CVE.ORG link : CVE-2025-21049
JSON object : View
Products Affected
samsung
- android
CWE