Refine your search
61 vulnerabilities found for android by samsung
CVE-2025-58480 (GCVE-0-2025-58480)
Vulnerability from nvd
Published
2025-12-02 01:24
Modified
2025-12-02 16:56
Severity ?
VLAI Severity ?
EPSS score ?
Summary
Heap-based buffer overflow in libimagecodec.quram.so prior to SMR Dec-2025 Release 1 allows remote attackers to access out-of-bounds memory.
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Samsung Mobile | Samsung Mobile Devices |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-58480",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-12-02T16:50:55.323216Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-12-02T16:56:41.521Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "affected",
"product": "Samsung Mobile Devices",
"vendor": "Samsung Mobile",
"versions": [
{
"status": "unaffected",
"version": "SMR Dec-2025 Release in Android 13, 14, 15, 16"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Heap-based buffer overflow in libimagecodec.quram.so prior to SMR Dec-2025 Release 1 allows remote attackers to access out-of-bounds memory."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N",
"version": "3.1"
},
"format": "CVSS"
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "CWE-122: Heap-based Buffer Overflow",
"lang": "en"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-12-02T01:24:25.777Z",
"orgId": "3af57064-a867-422c-b2ad-40307b65c458",
"shortName": "SamsungMobile"
},
"references": [
{
"url": "https://security.samsungmobile.com/securityUpdate.smsb?year=2025\u0026month=12"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "3af57064-a867-422c-b2ad-40307b65c458",
"assignerShortName": "SamsungMobile",
"cveId": "CVE-2025-58480",
"datePublished": "2025-12-02T01:24:25.777Z",
"dateReserved": "2025-09-03T06:13:48.468Z",
"dateUpdated": "2025-12-02T16:56:41.521Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2025-58479 (GCVE-0-2025-58479)
Vulnerability from nvd
Published
2025-12-02 01:24
Modified
2025-12-02 16:56
Severity ?
VLAI Severity ?
EPSS score ?
Summary
Out-of-bounds read in libimagecodec.quram.so prior to SMR Dec-2025 Release 1 allows remote attackers to access out-of-bounds memory.
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Samsung Mobile | Samsung Mobile Devices |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-58479",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-12-02T16:50:57.618509Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-12-02T16:56:48.175Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "affected",
"product": "Samsung Mobile Devices",
"vendor": "Samsung Mobile",
"versions": [
{
"status": "unaffected",
"version": "SMR Dec-2025 Release in Android 13, 14, 15, 16"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Out-of-bounds read in libimagecodec.quram.so prior to SMR Dec-2025 Release 1 allows remote attackers to access out-of-bounds memory."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N",
"version": "3.1"
},
"format": "CVSS"
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "CWE-125: Out-of-bounds Read",
"lang": "en"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-12-02T01:24:24.635Z",
"orgId": "3af57064-a867-422c-b2ad-40307b65c458",
"shortName": "SamsungMobile"
},
"references": [
{
"url": "https://security.samsungmobile.com/securityUpdate.smsb?year=2025\u0026month=12"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "3af57064-a867-422c-b2ad-40307b65c458",
"assignerShortName": "SamsungMobile",
"cveId": "CVE-2025-58479",
"datePublished": "2025-12-02T01:24:24.635Z",
"dateReserved": "2025-09-03T06:13:48.468Z",
"dateUpdated": "2025-12-02T16:56:48.175Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2025-58478 (GCVE-0-2025-58478)
Vulnerability from nvd
Published
2025-12-02 01:24
Modified
2025-12-02 16:56
Severity ?
VLAI Severity ?
EPSS score ?
Summary
Out-of-bounds write in libimagecodec.quram.so prior to SMR Dec-2025 Release 1 allows remote attackers to access out-of-bounds memory.
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Samsung Mobile | Samsung Mobile Devices |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-58478",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-12-02T16:50:59.953502Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-12-02T16:56:56.487Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "affected",
"product": "Samsung Mobile Devices",
"vendor": "Samsung Mobile",
"versions": [
{
"status": "unaffected",
"version": "SMR Dec-2025 Release in Android 13, 14, 15, 16"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Out-of-bounds write in libimagecodec.quram.so prior to SMR Dec-2025 Release 1 allows remote attackers to access out-of-bounds memory."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N",
"version": "3.1"
},
"format": "CVSS"
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "CWE-787: Out-of-bounds Write",
"lang": "en"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-12-02T01:24:23.461Z",
"orgId": "3af57064-a867-422c-b2ad-40307b65c458",
"shortName": "SamsungMobile"
},
"references": [
{
"url": "https://security.samsungmobile.com/securityUpdate.smsb?year=2025\u0026month=12"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "3af57064-a867-422c-b2ad-40307b65c458",
"assignerShortName": "SamsungMobile",
"cveId": "CVE-2025-58478",
"datePublished": "2025-12-02T01:24:23.461Z",
"dateReserved": "2025-09-03T06:13:48.468Z",
"dateUpdated": "2025-12-02T16:56:56.487Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2025-58477 (GCVE-0-2025-58477)
Vulnerability from nvd
Published
2025-12-02 01:24
Modified
2025-12-02 16:57
Severity ?
VLAI Severity ?
EPSS score ?
Summary
Out-of-bounds write in parsing IFD tag in libimagecodec.quram.so prior to SMR Dec-2025 Release 1 allows remote attackers to access out-of-bounds memory.
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Samsung Mobile | Samsung Mobile Devices |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-58477",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-12-02T16:51:02.586330Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-12-02T16:57:04.128Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "affected",
"product": "Samsung Mobile Devices",
"vendor": "Samsung Mobile",
"versions": [
{
"status": "unaffected",
"version": "SMR Dec-2025 Release in Android 13, 14, 15, 16"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Out-of-bounds write in parsing IFD tag in libimagecodec.quram.so prior to SMR Dec-2025 Release 1 allows remote attackers to access out-of-bounds memory."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N",
"version": "3.1"
},
"format": "CVSS"
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "CWE-787: Out-of-bounds Write",
"lang": "en"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-12-02T01:24:22.269Z",
"orgId": "3af57064-a867-422c-b2ad-40307b65c458",
"shortName": "SamsungMobile"
},
"references": [
{
"url": "https://security.samsungmobile.com/securityUpdate.smsb?year=2025\u0026month=12"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "3af57064-a867-422c-b2ad-40307b65c458",
"assignerShortName": "SamsungMobile",
"cveId": "CVE-2025-58477",
"datePublished": "2025-12-02T01:24:22.269Z",
"dateReserved": "2025-09-03T06:13:48.467Z",
"dateUpdated": "2025-12-02T16:57:04.128Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2025-58476 (GCVE-0-2025-58476)
Vulnerability from nvd
Published
2025-12-02 01:24
Modified
2025-12-02 16:57
Severity ?
VLAI Severity ?
EPSS score ?
Summary
Out-of-bounds read vulnerability in bootloader prior to SMR Dec-2025 Release 1 allows physical attackers to access out-of-bounds memory.
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Samsung Mobile | Samsung Mobile Devices |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-58476",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-12-02T16:51:05.161297Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-12-02T16:57:12.430Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "affected",
"product": "Samsung Mobile Devices",
"vendor": "Samsung Mobile",
"versions": [
{
"status": "unaffected",
"version": "SMR Dec-2025 Release in Selected Android 13, 14, 15, 16"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Out-of-bounds read vulnerability in bootloader prior to SMR Dec-2025 Release 1 allows physical attackers to access out-of-bounds memory."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "PHYSICAL",
"availabilityImpact": "NONE",
"baseScore": 4.2,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:P/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"format": "CVSS"
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "CWE-125: Out-of-bounds Read",
"lang": "en"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-12-02T01:24:21.016Z",
"orgId": "3af57064-a867-422c-b2ad-40307b65c458",
"shortName": "SamsungMobile"
},
"references": [
{
"url": "https://security.samsungmobile.com/securityUpdate.smsb?year=2025\u0026month=12"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "3af57064-a867-422c-b2ad-40307b65c458",
"assignerShortName": "SamsungMobile",
"cveId": "CVE-2025-58476",
"datePublished": "2025-12-02T01:24:21.016Z",
"dateReserved": "2025-09-03T06:13:48.467Z",
"dateUpdated": "2025-12-02T16:57:12.430Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2025-58475 (GCVE-0-2025-58475)
Vulnerability from nvd
Published
2025-12-02 01:24
Modified
2025-12-02 16:57
Severity ?
VLAI Severity ?
EPSS score ?
Summary
Improper input validation in libsec-ril.so prior to SMR Dec-2025 Release 1 allows local privileged attackers to write out-of-bounds memory.
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Samsung Mobile | Samsung Mobile Devices |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-58475",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-12-02T16:51:07.430783Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-12-02T16:57:19.081Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "affected",
"product": "Samsung Mobile Devices",
"vendor": "Samsung Mobile",
"versions": [
{
"status": "unaffected",
"version": "SMR Dec-2025 Release in Android 13, 14, 15, 16"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Improper input validation in libsec-ril.so prior to SMR Dec-2025 Release 1 allows local privileged attackers to write out-of-bounds memory."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "LOW",
"baseScore": 5.6,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "LOW",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:L/A:L",
"version": "3.1"
},
"format": "CVSS"
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "CWE-20: Improper Input Validation",
"lang": "en"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-12-02T01:24:19.796Z",
"orgId": "3af57064-a867-422c-b2ad-40307b65c458",
"shortName": "SamsungMobile"
},
"references": [
{
"url": "https://security.samsungmobile.com/securityUpdate.smsb?year=2025\u0026month=12"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "3af57064-a867-422c-b2ad-40307b65c458",
"assignerShortName": "SamsungMobile",
"cveId": "CVE-2025-58475",
"datePublished": "2025-12-02T01:24:19.796Z",
"dateReserved": "2025-09-03T06:13:48.467Z",
"dateUpdated": "2025-12-02T16:57:19.081Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2025-21080 (GCVE-0-2025-21080)
Vulnerability from nvd
Published
2025-12-02 01:23
Modified
2025-12-02 16:57
Severity ?
VLAI Severity ?
EPSS score ?
Summary
Improper export of android application components in Dynamic Lockscreen prior to SMR Dec-2025 Release 1 allows local attackers to access files with Dynamic Lockscreen's privilege.
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Samsung Mobile | Samsung Mobile Devices |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-21080",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-12-02T16:51:09.700758Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-12-02T16:57:27.041Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "affected",
"product": "Samsung Mobile Devices",
"vendor": "Samsung Mobile",
"versions": [
{
"status": "unaffected",
"version": "SMR Dec-2025 Release in Android 15, 16"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Improper export of android application components in Dynamic Lockscreen prior to SMR Dec-2025 Release 1 allows local attackers to access files with Dynamic Lockscreen\u0027s privilege."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 6.2,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N",
"version": "3.1"
},
"format": "CVSS"
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "CWE-926: Improper Export of Android Application Components",
"lang": "en"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-12-02T01:23:31.419Z",
"orgId": "3af57064-a867-422c-b2ad-40307b65c458",
"shortName": "SamsungMobile"
},
"references": [
{
"url": "https://security.samsungmobile.com/securityUpdate.smsb?year=2025\u0026month=12"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "3af57064-a867-422c-b2ad-40307b65c458",
"assignerShortName": "SamsungMobile",
"cveId": "CVE-2025-21080",
"datePublished": "2025-12-02T01:23:31.419Z",
"dateReserved": "2024-11-06T02:30:14.896Z",
"dateUpdated": "2025-12-02T16:57:27.041Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2025-21072 (GCVE-0-2025-21072)
Vulnerability from nvd
Published
2025-12-02 01:23
Modified
2025-12-03 04:55
Severity ?
VLAI Severity ?
EPSS score ?
Summary
Out-of-bounds write in decoding metadata in fingerprint trustlet prior to SMR Dec-2025 Release 1 allows local privileged attackers to write out-of-bounds memory.
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Samsung Mobile | Samsung Mobile Devices |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-21072",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-12-02T00:00:00+00:00",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-12-03T04:55:35.759Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "affected",
"product": "Samsung Mobile Devices",
"vendor": "Samsung Mobile",
"versions": [
{
"status": "unaffected",
"version": "SMR Dec-2025 Release in Android 13, 14, 15, 16"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Out-of-bounds write in decoding metadata in fingerprint trustlet prior to SMR Dec-2025 Release 1 allows local privileged attackers to write out-of-bounds memory."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 5.7,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:N",
"version": "3.1"
},
"format": "CVSS"
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "CWE-787 Out-of-bounds Write",
"lang": "en"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-12-02T01:23:05.269Z",
"orgId": "3af57064-a867-422c-b2ad-40307b65c458",
"shortName": "SamsungMobile"
},
"references": [
{
"url": "https://security.samsungmobile.com/securityUpdate.smsb?year=2025\u0026month=12"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "3af57064-a867-422c-b2ad-40307b65c458",
"assignerShortName": "SamsungMobile",
"cveId": "CVE-2025-21072",
"datePublished": "2025-12-02T01:23:05.269Z",
"dateReserved": "2024-11-06T02:30:14.894Z",
"dateUpdated": "2025-12-03T04:55:35.759Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2025-21075 (GCVE-0-2025-21075)
Vulnerability from nvd
Published
2025-11-05 05:40
Modified
2025-11-07 14:26
Severity ?
VLAI Severity ?
EPSS score ?
Summary
Out-of-bounds write in libimagecodec.quram.so prior to SMR Nov-2025 Release 1 allows remote attackers to access out-of-bounds memory.
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Samsung Mobile | Samsung Mobile Devices |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-21075",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-11-05T14:14:24.798143Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-11-07T14:26:20.469Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "affected",
"product": "Samsung Mobile Devices",
"vendor": "Samsung Mobile",
"versions": [
{
"status": "unaffected",
"version": "SMR Nov-2025 Release in Android 13, 14, 15, 16"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Out-of-bounds write in libimagecodec.quram.so prior to SMR Nov-2025 Release 1 allows remote attackers to access out-of-bounds memory."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N",
"version": "3.1"
},
"format": "CVSS"
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "CWE-787: Out-of-bounds Write",
"lang": "en"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-11-05T05:40:55.557Z",
"orgId": "3af57064-a867-422c-b2ad-40307b65c458",
"shortName": "SamsungMobile"
},
"references": [
{
"url": "https://security.samsungmobile.com/securityUpdate.smsb?year=2025\u0026month=11"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "3af57064-a867-422c-b2ad-40307b65c458",
"assignerShortName": "SamsungMobile",
"cveId": "CVE-2025-21075",
"datePublished": "2025-11-05T05:40:55.557Z",
"dateReserved": "2024-11-06T02:30:14.896Z",
"dateUpdated": "2025-11-07T14:26:20.469Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2025-21074 (GCVE-0-2025-21074)
Vulnerability from nvd
Published
2025-11-05 05:40
Modified
2025-12-11 19:01
Severity ?
VLAI Severity ?
EPSS score ?
Summary
Out-of-bounds read in libimagecodec.quram.so prior to SMR Nov-2025 Release 1 allows remote attackers to access out-of-bounds memory.
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Samsung Mobile | Samsung Mobile Devices |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-21074",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-11-05T14:17:41.803727Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-12-11T19:01:50.198Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "affected",
"product": "Samsung Mobile Devices",
"vendor": "Samsung Mobile",
"versions": [
{
"status": "unaffected",
"version": "SMR Nov-2025 Release in Android 13, 14, 15, 16"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Out-of-bounds read in libimagecodec.quram.so prior to SMR Nov-2025 Release 1 allows remote attackers to access out-of-bounds memory."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N",
"version": "3.1"
},
"format": "CVSS"
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "CWE-125: Out-of-bounds Read",
"lang": "en"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-11-05T05:40:54.365Z",
"orgId": "3af57064-a867-422c-b2ad-40307b65c458",
"shortName": "SamsungMobile"
},
"references": [
{
"url": "https://security.samsungmobile.com/securityUpdate.smsb?year=2025\u0026month=11"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "3af57064-a867-422c-b2ad-40307b65c458",
"assignerShortName": "SamsungMobile",
"cveId": "CVE-2025-21074",
"datePublished": "2025-11-05T05:40:54.365Z",
"dateReserved": "2024-11-06T02:30:14.895Z",
"dateUpdated": "2025-12-11T19:01:50.198Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2025-21073 (GCVE-0-2025-21073)
Vulnerability from nvd
Published
2025-11-05 05:40
Modified
2025-12-11 19:01
Severity ?
VLAI Severity ?
EPSS score ?
Summary
Insecure default configuration in USB connection mode prior to SMR Nov-2025 Release 1 allows privileged physical attackers to access user data. User interaction is required for triggering this vulnerability.
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Samsung Mobile | Samsung Mobile Devices |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-21073",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-11-05T14:17:52.885843Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-12-11T19:01:59.346Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "affected",
"product": "Samsung Mobile Devices",
"vendor": "Samsung Mobile",
"versions": [
{
"status": "unaffected",
"version": "SMR Nov-2025 Release in Android 13, 14, 15, 16"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Insecure default configuration in USB connection mode prior to SMR Nov-2025 Release 1 allows privileged physical attackers to access user data. User interaction is required for triggering this vulnerability."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "ADJACENT_NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.8,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N",
"version": "3.1"
},
"format": "CVSS"
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "CWE-1188: Initialization of a Resource with an Insecure Default",
"lang": "en"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-11-05T05:40:53.213Z",
"orgId": "3af57064-a867-422c-b2ad-40307b65c458",
"shortName": "SamsungMobile"
},
"references": [
{
"url": "https://security.samsungmobile.com/securityUpdate.smsb?year=2025\u0026month=11"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "3af57064-a867-422c-b2ad-40307b65c458",
"assignerShortName": "SamsungMobile",
"cveId": "CVE-2025-21073",
"datePublished": "2025-11-05T05:40:53.213Z",
"dateReserved": "2024-11-06T02:30:14.894Z",
"dateUpdated": "2025-12-11T19:01:59.346Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2025-21071 (GCVE-0-2025-21071)
Vulnerability from nvd
Published
2025-11-05 05:40
Modified
2025-12-11 19:02
Severity ?
VLAI Severity ?
EPSS score ?
Summary
Out-of-bounds write in handling opcode in fingerprint trustlet prior to SMR Nov-2025 Release 1 allows local privileged attackers to write out-of-bounds memory.
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Samsung Mobile | Samsung Mobile Devices |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-21071",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-11-06T04:55:33.645897Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-12-11T19:02:26.631Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "affected",
"product": "Samsung Mobile Devices",
"vendor": "Samsung Mobile",
"versions": [
{
"status": "unaffected",
"version": "SMR Nov-2025 Release in Android 13, 14, 15, 16"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Out-of-bounds write in handling opcode in fingerprint trustlet prior to SMR Nov-2025 Release 1 allows local privileged attackers to write out-of-bounds memory."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 5.7,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:N",
"version": "3.1"
},
"format": "CVSS"
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "CWE-787 Out-of-bounds Write",
"lang": "en"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-11-05T05:40:51.956Z",
"orgId": "3af57064-a867-422c-b2ad-40307b65c458",
"shortName": "SamsungMobile"
},
"references": [
{
"url": "https://security.samsungmobile.com/securityUpdate.smsb?year=2025\u0026month=11"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "3af57064-a867-422c-b2ad-40307b65c458",
"assignerShortName": "SamsungMobile",
"cveId": "CVE-2025-21071",
"datePublished": "2025-11-05T05:40:51.956Z",
"dateReserved": "2024-11-06T02:30:14.894Z",
"dateUpdated": "2025-12-11T19:02:26.631Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2025-21055 (GCVE-0-2025-21055)
Vulnerability from nvd
Published
2025-10-10 06:33
Modified
2025-10-22 20:37
Severity ?
VLAI Severity ?
EPSS score ?
Summary
Out-of-bounds read and write in libimagecodec.quram.so prior to SMR Oct-2025 Release 1 allows remote attackers to access out-of-bounds memory.
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Samsung Mobile | Samsung Mobile Devices |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-21055",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-10-10T17:42:55.260485Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-10-22T20:37:34.038Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "affected",
"product": "Samsung Mobile Devices",
"vendor": "Samsung Mobile",
"versions": [
{
"status": "unaffected",
"version": "SMR Oct-2025 Release in Android 13, 14, 15, 16"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Out-of-bounds read and write in libimagecodec.quram.so prior to SMR Oct-2025 Release 1 allows remote attackers to access out-of-bounds memory."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N",
"version": "3.1"
},
"format": "CVSS"
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "CWE-125: Out-of-bounds Read",
"lang": "en"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-10-10T06:33:14.330Z",
"orgId": "3af57064-a867-422c-b2ad-40307b65c458",
"shortName": "SamsungMobile"
},
"references": [
{
"url": "https://security.samsungmobile.com/securityUpdate.smsb?year=2025\u0026month=10"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "3af57064-a867-422c-b2ad-40307b65c458",
"assignerShortName": "SamsungMobile",
"cveId": "CVE-2025-21055",
"datePublished": "2025-10-10T06:33:14.330Z",
"dateReserved": "2024-11-06T02:30:14.891Z",
"dateUpdated": "2025-10-22T20:37:34.038Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2025-21054 (GCVE-0-2025-21054)
Vulnerability from nvd
Published
2025-10-10 06:33
Modified
2025-10-10 17:55
Severity ?
VLAI Severity ?
EPSS score ?
Summary
Out-of-bounds read in the parsing header for JPEG decoding in libpadm.so prior to SMR Oct-2025 Release 1 allows local attackers to potentially access out-of-bounds memory.
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Samsung Mobile | Samsung Mobile Devices |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-21054",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-10-10T17:54:09.062986Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-10-10T17:55:02.443Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "affected",
"product": "Samsung Mobile Devices",
"vendor": "Samsung Mobile",
"versions": [
{
"status": "unaffected",
"version": "SMR Oct-2025 Release in Android 13, 14, 15, 16"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Out-of-bounds read in the parsing header for JPEG decoding in libpadm.so prior to SMR Oct-2025 Release 1 allows local attackers to potentially access out-of-bounds memory."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N",
"version": "3.1"
},
"format": "CVSS"
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "CWE-125: Out-of-bounds Read",
"lang": "en"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-10-10T06:33:13.296Z",
"orgId": "3af57064-a867-422c-b2ad-40307b65c458",
"shortName": "SamsungMobile"
},
"references": [
{
"url": "https://security.samsungmobile.com/securityUpdate.smsb?year=2025\u0026month=10"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "3af57064-a867-422c-b2ad-40307b65c458",
"assignerShortName": "SamsungMobile",
"cveId": "CVE-2025-21054",
"datePublished": "2025-10-10T06:33:13.296Z",
"dateReserved": "2024-11-06T02:30:14.891Z",
"dateUpdated": "2025-10-10T17:55:02.443Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2025-21053 (GCVE-0-2025-21053)
Vulnerability from nvd
Published
2025-10-10 06:33
Modified
2025-10-10 17:57
Severity ?
VLAI Severity ?
EPSS score ?
Summary
Out-of-bounds write in the parsing header for JPEG decoding in libpadm.so prior to SMR Oct-2025 Release 1 allows local attackers to cause memory corruption.
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Samsung Mobile | Samsung Mobile Devices |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-21053",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-10-10T17:55:20.230258Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-10-10T17:57:24.674Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "affected",
"product": "Samsung Mobile Devices",
"vendor": "Samsung Mobile",
"versions": [
{
"status": "unaffected",
"version": "SMR Oct-2025 Release in Android 13, 14, 15, 16"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Out-of-bounds write in the parsing header for JPEG decoding in libpadm.so prior to SMR Oct-2025 Release 1 allows local attackers to cause memory corruption."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N",
"version": "3.1"
},
"format": "CVSS"
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "CWE-787: Out-of-bounds Write",
"lang": "en"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-10-10T06:33:12.274Z",
"orgId": "3af57064-a867-422c-b2ad-40307b65c458",
"shortName": "SamsungMobile"
},
"references": [
{
"url": "https://security.samsungmobile.com/securityUpdate.smsb?year=2025\u0026month=10"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "3af57064-a867-422c-b2ad-40307b65c458",
"assignerShortName": "SamsungMobile",
"cveId": "CVE-2025-21053",
"datePublished": "2025-10-10T06:33:12.274Z",
"dateReserved": "2024-11-06T02:30:14.891Z",
"dateUpdated": "2025-10-10T17:57:24.674Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2025-21052 (GCVE-0-2025-21052)
Vulnerability from nvd
Published
2025-10-10 06:33
Modified
2025-10-10 17:59
Severity ?
VLAI Severity ?
EPSS score ?
Summary
Out-of-bounds write under specific condition in the pre-processing of JPEG decoding in libpadm.so prior to SMR Oct-2025 Release 1 allows local attackers to cause memory corruption.
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Samsung Mobile | Samsung Mobile Devices |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-21052",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-10-10T17:59:25.420178Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-10-10T17:59:38.354Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "affected",
"product": "Samsung Mobile Devices",
"vendor": "Samsung Mobile",
"versions": [
{
"status": "unaffected",
"version": "SMR Oct-2025 Release in Android 13, 14, 15, 16"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Out-of-bounds write under specific condition in the pre-processing of JPEG decoding in libpadm.so prior to SMR Oct-2025 Release 1 allows local attackers to cause memory corruption."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N",
"version": "3.1"
},
"format": "CVSS"
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "CWE-787: Out-of-bounds Write",
"lang": "en"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-10-10T06:33:11.226Z",
"orgId": "3af57064-a867-422c-b2ad-40307b65c458",
"shortName": "SamsungMobile"
},
"references": [
{
"url": "https://security.samsungmobile.com/securityUpdate.smsb?year=2025\u0026month=10"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "3af57064-a867-422c-b2ad-40307b65c458",
"assignerShortName": "SamsungMobile",
"cveId": "CVE-2025-21052",
"datePublished": "2025-10-10T06:33:11.226Z",
"dateReserved": "2024-11-06T02:30:14.891Z",
"dateUpdated": "2025-10-10T17:59:38.354Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2025-21051 (GCVE-0-2025-21051)
Vulnerability from nvd
Published
2025-10-10 06:33
Modified
2025-10-10 14:20
Severity ?
VLAI Severity ?
EPSS score ?
Summary
Out-of-bounds write in the pre-processing of JPEG decoding in libpadm.so prior to SMR Oct-2025 Release 1 allows local attackers to write out-of-bounds memory.
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Samsung Mobile | Samsung Mobile Devices |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-21051",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-10-10T14:20:25.710255Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-10-10T14:20:32.404Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "affected",
"product": "Samsung Mobile Devices",
"vendor": "Samsung Mobile",
"versions": [
{
"status": "unaffected",
"version": "SMR Oct-2025 Release in Android 13, 14, 15, 16"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Out-of-bounds write in the pre-processing of JPEG decoding in libpadm.so prior to SMR Oct-2025 Release 1 allows local attackers to write out-of-bounds memory."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N",
"version": "3.1"
},
"format": "CVSS"
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "CWE-787: Out-of-bounds Write",
"lang": "en"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-10-10T06:33:10.202Z",
"orgId": "3af57064-a867-422c-b2ad-40307b65c458",
"shortName": "SamsungMobile"
},
"references": [
{
"url": "https://security.samsungmobile.com/securityUpdate.smsb?year=2025\u0026month=10"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "3af57064-a867-422c-b2ad-40307b65c458",
"assignerShortName": "SamsungMobile",
"cveId": "CVE-2025-21051",
"datePublished": "2025-10-10T06:33:10.202Z",
"dateReserved": "2024-11-06T02:30:14.891Z",
"dateUpdated": "2025-10-10T14:20:32.404Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2025-21050 (GCVE-0-2025-21050)
Vulnerability from nvd
Published
2025-10-10 06:41
Modified
2025-10-10 10:18
Severity ?
VLAI Severity ?
EPSS score ?
Summary
Improper input validiation in Contacts prior to SMR Oct-2025 Release 1 allows local attackers to access data across multiple user profiles.
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Samsung Mobile | Samsung Mobile Devices |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-21050",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-10-10T10:18:02.808835Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-10-10T10:18:10.510Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "affected",
"product": "Samsung Mobile Devices",
"vendor": "Samsung Mobile",
"versions": [
{
"status": "unaffected",
"version": "SMR Oct-2025 Release in Android 13, 14, 15"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Improper input validiation in Contacts prior to SMR Oct-2025 Release 1 allows local attackers to access data across multiple user profiles."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 7.1,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N",
"version": "3.1"
},
"format": "CVSS"
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "CWE-20: Improper Input Validation",
"lang": "en"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-10-10T06:41:32.823Z",
"orgId": "3af57064-a867-422c-b2ad-40307b65c458",
"shortName": "SamsungMobile"
},
"references": [
{
"url": "https://security.samsungmobile.com/securityUpdate.smsb?year=2025\u0026month=10"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "3af57064-a867-422c-b2ad-40307b65c458",
"assignerShortName": "SamsungMobile",
"cveId": "CVE-2025-21050",
"datePublished": "2025-10-10T06:41:32.823Z",
"dateReserved": "2024-11-06T02:30:14.890Z",
"dateUpdated": "2025-10-10T10:18:10.510Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2025-58480 (GCVE-0-2025-58480)
Vulnerability from cvelistv5
Published
2025-12-02 01:24
Modified
2025-12-02 16:56
Severity ?
VLAI Severity ?
EPSS score ?
Summary
Heap-based buffer overflow in libimagecodec.quram.so prior to SMR Dec-2025 Release 1 allows remote attackers to access out-of-bounds memory.
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Samsung Mobile | Samsung Mobile Devices |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-58480",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-12-02T16:50:55.323216Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-12-02T16:56:41.521Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "affected",
"product": "Samsung Mobile Devices",
"vendor": "Samsung Mobile",
"versions": [
{
"status": "unaffected",
"version": "SMR Dec-2025 Release in Android 13, 14, 15, 16"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Heap-based buffer overflow in libimagecodec.quram.so prior to SMR Dec-2025 Release 1 allows remote attackers to access out-of-bounds memory."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N",
"version": "3.1"
},
"format": "CVSS"
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "CWE-122: Heap-based Buffer Overflow",
"lang": "en"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-12-02T01:24:25.777Z",
"orgId": "3af57064-a867-422c-b2ad-40307b65c458",
"shortName": "SamsungMobile"
},
"references": [
{
"url": "https://security.samsungmobile.com/securityUpdate.smsb?year=2025\u0026month=12"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "3af57064-a867-422c-b2ad-40307b65c458",
"assignerShortName": "SamsungMobile",
"cveId": "CVE-2025-58480",
"datePublished": "2025-12-02T01:24:25.777Z",
"dateReserved": "2025-09-03T06:13:48.468Z",
"dateUpdated": "2025-12-02T16:56:41.521Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2025-58479 (GCVE-0-2025-58479)
Vulnerability from cvelistv5
Published
2025-12-02 01:24
Modified
2025-12-02 16:56
Severity ?
VLAI Severity ?
EPSS score ?
Summary
Out-of-bounds read in libimagecodec.quram.so prior to SMR Dec-2025 Release 1 allows remote attackers to access out-of-bounds memory.
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Samsung Mobile | Samsung Mobile Devices |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-58479",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-12-02T16:50:57.618509Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-12-02T16:56:48.175Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "affected",
"product": "Samsung Mobile Devices",
"vendor": "Samsung Mobile",
"versions": [
{
"status": "unaffected",
"version": "SMR Dec-2025 Release in Android 13, 14, 15, 16"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Out-of-bounds read in libimagecodec.quram.so prior to SMR Dec-2025 Release 1 allows remote attackers to access out-of-bounds memory."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N",
"version": "3.1"
},
"format": "CVSS"
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "CWE-125: Out-of-bounds Read",
"lang": "en"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-12-02T01:24:24.635Z",
"orgId": "3af57064-a867-422c-b2ad-40307b65c458",
"shortName": "SamsungMobile"
},
"references": [
{
"url": "https://security.samsungmobile.com/securityUpdate.smsb?year=2025\u0026month=12"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "3af57064-a867-422c-b2ad-40307b65c458",
"assignerShortName": "SamsungMobile",
"cveId": "CVE-2025-58479",
"datePublished": "2025-12-02T01:24:24.635Z",
"dateReserved": "2025-09-03T06:13:48.468Z",
"dateUpdated": "2025-12-02T16:56:48.175Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2025-58478 (GCVE-0-2025-58478)
Vulnerability from cvelistv5
Published
2025-12-02 01:24
Modified
2025-12-02 16:56
Severity ?
VLAI Severity ?
EPSS score ?
Summary
Out-of-bounds write in libimagecodec.quram.so prior to SMR Dec-2025 Release 1 allows remote attackers to access out-of-bounds memory.
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Samsung Mobile | Samsung Mobile Devices |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-58478",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-12-02T16:50:59.953502Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-12-02T16:56:56.487Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "affected",
"product": "Samsung Mobile Devices",
"vendor": "Samsung Mobile",
"versions": [
{
"status": "unaffected",
"version": "SMR Dec-2025 Release in Android 13, 14, 15, 16"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Out-of-bounds write in libimagecodec.quram.so prior to SMR Dec-2025 Release 1 allows remote attackers to access out-of-bounds memory."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N",
"version": "3.1"
},
"format": "CVSS"
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "CWE-787: Out-of-bounds Write",
"lang": "en"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-12-02T01:24:23.461Z",
"orgId": "3af57064-a867-422c-b2ad-40307b65c458",
"shortName": "SamsungMobile"
},
"references": [
{
"url": "https://security.samsungmobile.com/securityUpdate.smsb?year=2025\u0026month=12"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "3af57064-a867-422c-b2ad-40307b65c458",
"assignerShortName": "SamsungMobile",
"cveId": "CVE-2025-58478",
"datePublished": "2025-12-02T01:24:23.461Z",
"dateReserved": "2025-09-03T06:13:48.468Z",
"dateUpdated": "2025-12-02T16:56:56.487Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2025-58477 (GCVE-0-2025-58477)
Vulnerability from cvelistv5
Published
2025-12-02 01:24
Modified
2025-12-02 16:57
Severity ?
VLAI Severity ?
EPSS score ?
Summary
Out-of-bounds write in parsing IFD tag in libimagecodec.quram.so prior to SMR Dec-2025 Release 1 allows remote attackers to access out-of-bounds memory.
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Samsung Mobile | Samsung Mobile Devices |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-58477",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-12-02T16:51:02.586330Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-12-02T16:57:04.128Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "affected",
"product": "Samsung Mobile Devices",
"vendor": "Samsung Mobile",
"versions": [
{
"status": "unaffected",
"version": "SMR Dec-2025 Release in Android 13, 14, 15, 16"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Out-of-bounds write in parsing IFD tag in libimagecodec.quram.so prior to SMR Dec-2025 Release 1 allows remote attackers to access out-of-bounds memory."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N",
"version": "3.1"
},
"format": "CVSS"
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "CWE-787: Out-of-bounds Write",
"lang": "en"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-12-02T01:24:22.269Z",
"orgId": "3af57064-a867-422c-b2ad-40307b65c458",
"shortName": "SamsungMobile"
},
"references": [
{
"url": "https://security.samsungmobile.com/securityUpdate.smsb?year=2025\u0026month=12"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "3af57064-a867-422c-b2ad-40307b65c458",
"assignerShortName": "SamsungMobile",
"cveId": "CVE-2025-58477",
"datePublished": "2025-12-02T01:24:22.269Z",
"dateReserved": "2025-09-03T06:13:48.467Z",
"dateUpdated": "2025-12-02T16:57:04.128Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2025-58476 (GCVE-0-2025-58476)
Vulnerability from cvelistv5
Published
2025-12-02 01:24
Modified
2025-12-02 16:57
Severity ?
VLAI Severity ?
EPSS score ?
Summary
Out-of-bounds read vulnerability in bootloader prior to SMR Dec-2025 Release 1 allows physical attackers to access out-of-bounds memory.
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Samsung Mobile | Samsung Mobile Devices |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-58476",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-12-02T16:51:05.161297Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-12-02T16:57:12.430Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "affected",
"product": "Samsung Mobile Devices",
"vendor": "Samsung Mobile",
"versions": [
{
"status": "unaffected",
"version": "SMR Dec-2025 Release in Selected Android 13, 14, 15, 16"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Out-of-bounds read vulnerability in bootloader prior to SMR Dec-2025 Release 1 allows physical attackers to access out-of-bounds memory."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "PHYSICAL",
"availabilityImpact": "NONE",
"baseScore": 4.2,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:P/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"format": "CVSS"
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "CWE-125: Out-of-bounds Read",
"lang": "en"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-12-02T01:24:21.016Z",
"orgId": "3af57064-a867-422c-b2ad-40307b65c458",
"shortName": "SamsungMobile"
},
"references": [
{
"url": "https://security.samsungmobile.com/securityUpdate.smsb?year=2025\u0026month=12"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "3af57064-a867-422c-b2ad-40307b65c458",
"assignerShortName": "SamsungMobile",
"cveId": "CVE-2025-58476",
"datePublished": "2025-12-02T01:24:21.016Z",
"dateReserved": "2025-09-03T06:13:48.467Z",
"dateUpdated": "2025-12-02T16:57:12.430Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2025-58475 (GCVE-0-2025-58475)
Vulnerability from cvelistv5
Published
2025-12-02 01:24
Modified
2025-12-02 16:57
Severity ?
VLAI Severity ?
EPSS score ?
Summary
Improper input validation in libsec-ril.so prior to SMR Dec-2025 Release 1 allows local privileged attackers to write out-of-bounds memory.
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Samsung Mobile | Samsung Mobile Devices |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-58475",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-12-02T16:51:07.430783Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-12-02T16:57:19.081Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "affected",
"product": "Samsung Mobile Devices",
"vendor": "Samsung Mobile",
"versions": [
{
"status": "unaffected",
"version": "SMR Dec-2025 Release in Android 13, 14, 15, 16"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Improper input validation in libsec-ril.so prior to SMR Dec-2025 Release 1 allows local privileged attackers to write out-of-bounds memory."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "LOW",
"baseScore": 5.6,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "LOW",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:L/A:L",
"version": "3.1"
},
"format": "CVSS"
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "CWE-20: Improper Input Validation",
"lang": "en"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-12-02T01:24:19.796Z",
"orgId": "3af57064-a867-422c-b2ad-40307b65c458",
"shortName": "SamsungMobile"
},
"references": [
{
"url": "https://security.samsungmobile.com/securityUpdate.smsb?year=2025\u0026month=12"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "3af57064-a867-422c-b2ad-40307b65c458",
"assignerShortName": "SamsungMobile",
"cveId": "CVE-2025-58475",
"datePublished": "2025-12-02T01:24:19.796Z",
"dateReserved": "2025-09-03T06:13:48.467Z",
"dateUpdated": "2025-12-02T16:57:19.081Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2025-21080 (GCVE-0-2025-21080)
Vulnerability from cvelistv5
Published
2025-12-02 01:23
Modified
2025-12-02 16:57
Severity ?
VLAI Severity ?
EPSS score ?
Summary
Improper export of android application components in Dynamic Lockscreen prior to SMR Dec-2025 Release 1 allows local attackers to access files with Dynamic Lockscreen's privilege.
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Samsung Mobile | Samsung Mobile Devices |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-21080",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-12-02T16:51:09.700758Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-12-02T16:57:27.041Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "affected",
"product": "Samsung Mobile Devices",
"vendor": "Samsung Mobile",
"versions": [
{
"status": "unaffected",
"version": "SMR Dec-2025 Release in Android 15, 16"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Improper export of android application components in Dynamic Lockscreen prior to SMR Dec-2025 Release 1 allows local attackers to access files with Dynamic Lockscreen\u0027s privilege."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 6.2,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N",
"version": "3.1"
},
"format": "CVSS"
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "CWE-926: Improper Export of Android Application Components",
"lang": "en"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-12-02T01:23:31.419Z",
"orgId": "3af57064-a867-422c-b2ad-40307b65c458",
"shortName": "SamsungMobile"
},
"references": [
{
"url": "https://security.samsungmobile.com/securityUpdate.smsb?year=2025\u0026month=12"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "3af57064-a867-422c-b2ad-40307b65c458",
"assignerShortName": "SamsungMobile",
"cveId": "CVE-2025-21080",
"datePublished": "2025-12-02T01:23:31.419Z",
"dateReserved": "2024-11-06T02:30:14.896Z",
"dateUpdated": "2025-12-02T16:57:27.041Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2025-21072 (GCVE-0-2025-21072)
Vulnerability from cvelistv5
Published
2025-12-02 01:23
Modified
2025-12-03 04:55
Severity ?
VLAI Severity ?
EPSS score ?
Summary
Out-of-bounds write in decoding metadata in fingerprint trustlet prior to SMR Dec-2025 Release 1 allows local privileged attackers to write out-of-bounds memory.
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Samsung Mobile | Samsung Mobile Devices |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-21072",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-12-02T00:00:00+00:00",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-12-03T04:55:35.759Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "affected",
"product": "Samsung Mobile Devices",
"vendor": "Samsung Mobile",
"versions": [
{
"status": "unaffected",
"version": "SMR Dec-2025 Release in Android 13, 14, 15, 16"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Out-of-bounds write in decoding metadata in fingerprint trustlet prior to SMR Dec-2025 Release 1 allows local privileged attackers to write out-of-bounds memory."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 5.7,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:N",
"version": "3.1"
},
"format": "CVSS"
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "CWE-787 Out-of-bounds Write",
"lang": "en"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-12-02T01:23:05.269Z",
"orgId": "3af57064-a867-422c-b2ad-40307b65c458",
"shortName": "SamsungMobile"
},
"references": [
{
"url": "https://security.samsungmobile.com/securityUpdate.smsb?year=2025\u0026month=12"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "3af57064-a867-422c-b2ad-40307b65c458",
"assignerShortName": "SamsungMobile",
"cveId": "CVE-2025-21072",
"datePublished": "2025-12-02T01:23:05.269Z",
"dateReserved": "2024-11-06T02:30:14.894Z",
"dateUpdated": "2025-12-03T04:55:35.759Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2025-21075 (GCVE-0-2025-21075)
Vulnerability from cvelistv5
Published
2025-11-05 05:40
Modified
2025-11-07 14:26
Severity ?
VLAI Severity ?
EPSS score ?
Summary
Out-of-bounds write in libimagecodec.quram.so prior to SMR Nov-2025 Release 1 allows remote attackers to access out-of-bounds memory.
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Samsung Mobile | Samsung Mobile Devices |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-21075",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-11-05T14:14:24.798143Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-11-07T14:26:20.469Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "affected",
"product": "Samsung Mobile Devices",
"vendor": "Samsung Mobile",
"versions": [
{
"status": "unaffected",
"version": "SMR Nov-2025 Release in Android 13, 14, 15, 16"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Out-of-bounds write in libimagecodec.quram.so prior to SMR Nov-2025 Release 1 allows remote attackers to access out-of-bounds memory."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N",
"version": "3.1"
},
"format": "CVSS"
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "CWE-787: Out-of-bounds Write",
"lang": "en"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-11-05T05:40:55.557Z",
"orgId": "3af57064-a867-422c-b2ad-40307b65c458",
"shortName": "SamsungMobile"
},
"references": [
{
"url": "https://security.samsungmobile.com/securityUpdate.smsb?year=2025\u0026month=11"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "3af57064-a867-422c-b2ad-40307b65c458",
"assignerShortName": "SamsungMobile",
"cveId": "CVE-2025-21075",
"datePublished": "2025-11-05T05:40:55.557Z",
"dateReserved": "2024-11-06T02:30:14.896Z",
"dateUpdated": "2025-11-07T14:26:20.469Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2025-21074 (GCVE-0-2025-21074)
Vulnerability from cvelistv5
Published
2025-11-05 05:40
Modified
2025-12-11 19:01
Severity ?
VLAI Severity ?
EPSS score ?
Summary
Out-of-bounds read in libimagecodec.quram.so prior to SMR Nov-2025 Release 1 allows remote attackers to access out-of-bounds memory.
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Samsung Mobile | Samsung Mobile Devices |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-21074",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-11-05T14:17:41.803727Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-12-11T19:01:50.198Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "affected",
"product": "Samsung Mobile Devices",
"vendor": "Samsung Mobile",
"versions": [
{
"status": "unaffected",
"version": "SMR Nov-2025 Release in Android 13, 14, 15, 16"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Out-of-bounds read in libimagecodec.quram.so prior to SMR Nov-2025 Release 1 allows remote attackers to access out-of-bounds memory."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N",
"version": "3.1"
},
"format": "CVSS"
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "CWE-125: Out-of-bounds Read",
"lang": "en"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-11-05T05:40:54.365Z",
"orgId": "3af57064-a867-422c-b2ad-40307b65c458",
"shortName": "SamsungMobile"
},
"references": [
{
"url": "https://security.samsungmobile.com/securityUpdate.smsb?year=2025\u0026month=11"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "3af57064-a867-422c-b2ad-40307b65c458",
"assignerShortName": "SamsungMobile",
"cveId": "CVE-2025-21074",
"datePublished": "2025-11-05T05:40:54.365Z",
"dateReserved": "2024-11-06T02:30:14.895Z",
"dateUpdated": "2025-12-11T19:01:50.198Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2025-21073 (GCVE-0-2025-21073)
Vulnerability from cvelistv5
Published
2025-11-05 05:40
Modified
2025-12-11 19:01
Severity ?
VLAI Severity ?
EPSS score ?
Summary
Insecure default configuration in USB connection mode prior to SMR Nov-2025 Release 1 allows privileged physical attackers to access user data. User interaction is required for triggering this vulnerability.
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Samsung Mobile | Samsung Mobile Devices |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-21073",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-11-05T14:17:52.885843Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-12-11T19:01:59.346Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "affected",
"product": "Samsung Mobile Devices",
"vendor": "Samsung Mobile",
"versions": [
{
"status": "unaffected",
"version": "SMR Nov-2025 Release in Android 13, 14, 15, 16"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Insecure default configuration in USB connection mode prior to SMR Nov-2025 Release 1 allows privileged physical attackers to access user data. User interaction is required for triggering this vulnerability."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "ADJACENT_NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.8,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N",
"version": "3.1"
},
"format": "CVSS"
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "CWE-1188: Initialization of a Resource with an Insecure Default",
"lang": "en"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-11-05T05:40:53.213Z",
"orgId": "3af57064-a867-422c-b2ad-40307b65c458",
"shortName": "SamsungMobile"
},
"references": [
{
"url": "https://security.samsungmobile.com/securityUpdate.smsb?year=2025\u0026month=11"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "3af57064-a867-422c-b2ad-40307b65c458",
"assignerShortName": "SamsungMobile",
"cveId": "CVE-2025-21073",
"datePublished": "2025-11-05T05:40:53.213Z",
"dateReserved": "2024-11-06T02:30:14.894Z",
"dateUpdated": "2025-12-11T19:01:59.346Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2025-21071 (GCVE-0-2025-21071)
Vulnerability from cvelistv5
Published
2025-11-05 05:40
Modified
2025-12-11 19:02
Severity ?
VLAI Severity ?
EPSS score ?
Summary
Out-of-bounds write in handling opcode in fingerprint trustlet prior to SMR Nov-2025 Release 1 allows local privileged attackers to write out-of-bounds memory.
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Samsung Mobile | Samsung Mobile Devices |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-21071",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-11-06T04:55:33.645897Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-12-11T19:02:26.631Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "affected",
"product": "Samsung Mobile Devices",
"vendor": "Samsung Mobile",
"versions": [
{
"status": "unaffected",
"version": "SMR Nov-2025 Release in Android 13, 14, 15, 16"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Out-of-bounds write in handling opcode in fingerprint trustlet prior to SMR Nov-2025 Release 1 allows local privileged attackers to write out-of-bounds memory."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 5.7,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:N",
"version": "3.1"
},
"format": "CVSS"
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "CWE-787 Out-of-bounds Write",
"lang": "en"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-11-05T05:40:51.956Z",
"orgId": "3af57064-a867-422c-b2ad-40307b65c458",
"shortName": "SamsungMobile"
},
"references": [
{
"url": "https://security.samsungmobile.com/securityUpdate.smsb?year=2025\u0026month=11"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "3af57064-a867-422c-b2ad-40307b65c458",
"assignerShortName": "SamsungMobile",
"cveId": "CVE-2025-21071",
"datePublished": "2025-11-05T05:40:51.956Z",
"dateReserved": "2024-11-06T02:30:14.894Z",
"dateUpdated": "2025-12-11T19:02:26.631Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}