← back
CVE-2021-25337

CVE-2021-25337

CVSS 4.4 MEDIUMEPSS 2.8%● KEVCWE-269
In short

Untrusted apps on Samsung phones could read or write files through a flaw in the clipboard service, allowing them to access sensitive local data without proper permission checks.

Technical detail

A flaw in the clipboard service (CWE-269: improper access control) in Samsung mobile devices prior to SMR Mar-2021 Release 1 permits untrusted applications to bypass authorization checks and read/write arbitrary local files. Attack vector is local; attacker requires installation of a malicious app.

Summary generated and translated by AI from the official description.
Improper access control in clipboard service in Samsung mobile devices prior to SMR Mar-2021 Release 1 allows untrusted applications to read or write certain local files.
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N
Affected products
Samsung Mobile · Samsung Mobile Devices
public PoCs found1
githubgithub.com/CrisZalSa/JustALampNothingElse1
⚠ Public resources, to assess the exposure of systems you control or are authorized to test. Test only with authorization.

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →
References
https://security.samsungmobile.comhttps://security.samsungmobile.com/securityUpdate.smsbhttps://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2021-25337