CVE-2021-25382 MEDIUM

CVE-2021-25382

Vendor Samsung Mobile

Product Samsung Mobile Devices

Weakness CWE-285

Published April 23, 2021

Last update August 3, 2024

View on NVD All CVEs

CVSS base score

6.1/10

Attack vector Physical

Attack complexity Low

Privileges required High

User interaction Required

Confidentiality High

Integrity High

CVSS vector

CVSS:3.1/AV:P/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:H

What the vulnerability does

01Description

An improper authorization of using debugging command in Secure Folder prior to SMR Oct-2020 Release 1 allows unauthorized access to contents in Secure Folder via debugging command.

Key dates

02Disclosure timeline

April 23, 2021 CVE published

August 3, 2024 Record updated

External resources

03References

NVD — National Vulnerability Database https://nvd.nist.gov/vuln/detail/CVE-2021-25382

Related vulnerabilities

04Related CVE

CVE-2025-10976 JeecgBoot getDepartUserList improper authorization CVE-2024-13821 WP Booking Calendar <= 10.10 - Unauthenticated Post-Confirmation Booking Manipulation CVE-2024-3013 Teledyne FLIR AX8 User Registration test_login.php improper authorization CVE-2025-4104 Frontend Dashboard 1.0 - 2.2.6 - Missing Authorization to Unauthenticated Privilege Escalation via fed_wp_ajax_fed_login_form_post Function CVE-2025-10820 fuyang_lipengjun platform queryAll TopicController improper authorization

Identifiers

CVE CVE-2021-25382

CWE CWE-285

CVSS 6.1 / MEDIUM

Affected versions

Vendor Samsung Mobile

Product Samsung Mobile Devices

Affected ≥ O(8.x), P(9.0), Q(10.0), R(11.0) and < SMR Oct-2020 Release 1