CVE-2021-25394 MEDIUM

CVE-2021-25394

Vendor Samsung Mobile
Product Samsung Mobile Devices
Weakness CWE-416
KEV Status Known Exploited
Published June 11, 2021
Last update October 21, 2025

CVSS base score

6.4/10
Attack vector Local
Attack complexity High
Privileges required High
User interaction None
Confidentiality High
Integrity High

CVSS vector

CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H

What the vulnerability does

01Description

A use after free vulnerability via race condition in MFC charger driver prior to SMR MAY-2021 Release 1 allows arbitrary write given a radio privilege is compromised.

CISA mandated remediation

02CISA Required Action

Apply updates per vendor instructions or discontinue use of the product if updates are unavailable

Key dates

03Disclosure timeline

June 11, 2021 CVE published
October 21, 2025 Record updated