CVE-2021-25376 LOW

CVE-2021-25376

Vendor Samsung Mobile

Product Samsung Email

Weakness CWE-200 · Info exposure

Published April 9, 2021

Last update August 3, 2024

View on NVD All CVEs

CVSS base score

3.1/10

Attack vector Adjacent

Attack complexity High

Privileges required None

User interaction None

Confidentiality Low

Integrity None

CVSS vector

CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N

What the vulnerability does

01Description

An improper synchronization logic in Samsung Email prior to version 6.1.41.0 can leak messages in certain mailbox in plain text when STARTTLS negotiation is failed.

Key dates

02Disclosure timeline

April 9, 2021 CVE published

August 3, 2024 Record updated

External resources

03References

NVD — National Vulnerability Database https://nvd.nist.gov/vuln/detail/CVE-2021-25376

Related vulnerabilities

04Related CVE

CVE-2018-10599 CVE-2026-26964 Windmill Exposes Workspace Slack OAuth Client Secrets to Non-Admin Workspace Members CVE-2025-54468 Rancher sends sensitive information to external services through the `/meta/proxy` endpoint CVE-2022-1595 HC Custom WP-Admin URL <= 1.4 - Unauthenticated Secret URL Disclosure CVE-2023-3553 Exposure of Sensitive Information to an Unauthorized Actor in nilsteampassnet/teampass

Identifiers

CVE CVE-2021-25376

CWE CWE-200

CVSS 3.1 / LOW

Affected versions

Vendor Samsung Mobile

Product Samsung Email

Affected ≥ unspecified and < 6.1.41.0