CVE-2021-25337 MEDIUM

CVE-2021-25337

Vendor Samsung Mobile

Product Samsung Mobile Devices

Weakness CWE-269

KEV Status Known Exploited

Published March 4, 2021

Last update October 21, 2025

View on NVD All CVEs

CVSS base score

4.4/10

Attack vector Local

Attack complexity Low

Privileges required None

User interaction Required

Confidentiality Low

Integrity Low

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N

What the vulnerability does

01Description

Improper access control in clipboard service in Samsung mobile devices prior to SMR Mar-2021 Release 1 allows untrusted applications to read or write certain local files.

CISA mandated remediation

02CISA Required Action

Apply updates per vendor instructions.

Key dates

03Disclosure timeline

March 4, 2021 CVE published

October 21, 2025 Record updated

External resources

04References

NVD — National Vulnerability Database https://nvd.nist.gov/vuln/detail/CVE-2021-25337 CWE — Common Weakness Enumeration https://cwe.mitre.org/data/definitions/269.html CISA KEV Reference https://security.samsungmobile.com/securityUpdate.smsb CISA KEV Reference https://nvd.nist.gov/vuln/detail/CVE-2021-25337

Related vulnerabilities

Identifiers

CVE CVE-2021-25337

CWE CWE-269

CVSS 4.4 / MEDIUM

Affected versions