CVE-2021-25395 MEDIUM

CVE-2021-25395

Vendor Samsung Mobile
Product Samsung Mobile Devices
Weakness CWE-362
KEV Status Known Exploited
Published June 11, 2021
Last update October 21, 2025

CVSS base score

6.4/10
Attack vector Local
Attack complexity High
Privileges required High
User interaction None
Confidentiality High
Integrity High

CVSS vector

CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H

What the vulnerability does

01Description

A race condition in MFC charger driver prior to SMR MAY-2021 Release 1 allows local attackers to bypass signature check given a radio privilege is compromised.

CISA mandated remediation

02CISA Required Action

Apply updates per vendor instructions or discontinue use of the product if updates are unavailable

Key dates

03Disclosure timeline

June 11, 2021 CVE published
October 21, 2025 Record updated