Vulnerabilities in Samsung Mobile

1,316 results
Vexday analysis

Samsung Mobile has 1,316 catalogued CVEs, 13 of them confirmed as actively exploited by CISA KEV, a rate 2.2 times above the overall catalogue average, which indicates relevant operational exposure and calls for priority attention in patch management. The most recurrent flaw type is CWE-20 (improper input validation), suggesting systematic weaknesses in the handling of external data that tend to create broad attack surfaces. The most dangerous CVE currently under active exploitation is CVE-2025-21042, with an EPSS score of 0.1161, while 34 new vulnerabilities have appeared in the last 90 days, signalling a continuous pace of discovery that demands frequent monitoring. With only 3 CVEs accompanied by a public PoC and a maximum observed EPSS of 0.1289, the risk of immediate mass exploitation is moderate, but the combination of confirmed active flaws and a growing volume of new entries justifies short firmware update cycles in corporate environments.

CVE-2025-20943 [MEDIUM, EPSS 0.1%] Out-of-bounds write in secfr trustlet prior to SMR Apr-2025 Release 1 allows local privileged attackers to cause memory corruption.
CVE-2024-34616 [MEDIUM, EPSS 0.1%] Improper handling of insufficient permission in KnoxDualDARPolicy prior to SMR Aug-2024 Release 1 allows local attackers to access sensitive
CVE-2023-30735 [MEDIUM, EPSS 0.1%] Improper Preservation of Permissions vulnerability in SAssistant prior to version 8.7 allows local attackers to access backup data in SAssis
CVE-2026-21000 [HIGH, EPSS 0.1%] Improper access control in Galaxy Store prior to version 4.6.03.8 allows local attacker to create file with Galaxy Store privilege.
CVE-2024-34651 [MEDIUM, EPSS 0.1%] Improper authorization in My Files prior to SMR Sep-2024 Release 1 allows local attackers to access restricted data in My Files.
CVE-2026-20970 [MEDIUM, EPSS 0.1%] Improper access control in SLocation prior to SMR Jan-2026 Release 1 allows local attackers to execute the privileged APIs.
CVE-2022-30754 [HIGH, EPSS 0.1%] Implicit Intent hijacking vulnerability in AppLinker prior to SMR Jul-2022 Release 1 allow allows attackers to launch certain activities wit
CVE-2022-22292 [HIGH, EPSS 0.1%] Unprotected dynamic receiver in Telecom prior to SMR Feb-2022 Release 1 allows untrusted applications to launch arbitrary activity.
CVE-2025-20955 [MEDIUM, EPSS 0.1%] Improper Export of Android Application Components in NotificationHistoryImageProvider prior to SMR May-2025 Release 1 allows local attackers
CVE-2025-20907 [MEDIUM, EPSS 0.1%] Improper privilege management in Samsung Find prior to SMR Feb-2025 Release 1 allows local privileged attackers to disable Samsung Find.
CVE-2022-30756 [HIGH, EPSS 0.1%] Implicit Intent hijacking vulnerability in Finder prior to SMR Jul-2022 Release 1 allow allows attackers to launch certain activities with p
CVE-2026-20983 [HIGH, EPSS 0.1%] Improper export of android application components in Samsung Dialer prior to SMR Feb-2026 Release 1 allows local attackers to launch arbitra
CVE-2022-33723 [MEDIUM, EPSS 0.1%] A vulnerable code in onCreate of BluetoothScanDialog prior to SMR Aug-2022 Release 1, allows attackers to trick the user to select an unwant
CVE-2022-33727 [MEDIUM, EPSS 0.1%] A vulnerable code in onCreate of SecDevicePickerDialog prior to SMR Aug-2022 Release 1, allows attackers to trick the user to select an unwa
CVE-2026-20979 [HIGH, EPSS 0.1%] Improper privilege management in Settings prior to SMR Feb-2026 Release 1 allows local attackers to launch arbitrary activity with Settings
CVE-2025-21034 [MEDIUM, EPSS 0.1%] Out-of-bounds write in libsavsvc.so prior to SMR Sep-2025 Release 1 allows local attackers to potentially execute arbitrary code.
CVE-2021-25396 [MEDIUM, EPSS 0.1%] An improper input validation vulnerability in NPU firmware prior to SMR MAY-2021 Release 1 allows arbitrary memory write and code execution.
CVE-2023-21490 [MEDIUM, EPSS 0.1%] Improper access control in GearManagerStub prior to SMR May-2023 Release 1 allows a local attacker to delete applications installed by watch
CVE-2025-58476 [MEDIUM, EPSS 0.1%] Out-of-bounds read vulnerability in bootloader prior to SMR Dec-2025 Release 1 allows physical attackers to access out-of-bounds memory.
CVE-2025-20977 [LOW, EPSS 0.1%] Use of implicit intent for sensitive communication in translation in Samsung Notes prior to version 4.4.29.23 allows local attackers to get