CVE-2021-25369 MEDIUM

CVE-2021-25369

Vendor Samsung Mobile
Product Samsung Mobile Devices
Weakness CWE-200 · Info exposure
KEV Status Known Exploited
Published March 26, 2021
Last update October 21, 2025

CVSS base score

6.2/10
Attack vector Local
Attack complexity Low
Privileges required None
User interaction None
Confidentiality High
Integrity None

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

What the vulnerability does

01Description

An improper access control vulnerability in sec_log file prior to SMR MAR-2021 Release 1 exposes sensitive kernel information to userspace.

CISA mandated remediation

02CISA Required Action

Apply updates per vendor instructions.

Key dates

03Disclosure timeline

March 26, 2021 CVE published
October 21, 2025 Record updated