CVE-2021-25459 MEDIUM

CVE-2021-25459

Vendor Samsung Mobile

Product Samsung Mobile Devices

Weakness CWE-285

Published September 9, 2021

Last update August 3, 2024

View on NVD All CVEs

CVSS base score

4.0/10

Attack vector Local

Attack complexity Low

Privileges required None

User interaction None

Confidentiality None

Integrity None

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L

What the vulnerability does

01Description

An improper access control vulnerability in sspInit() in BlockchainTZService prior to SMR Sep-2021 Release 1 allows attackers to start BlockchainTZService.

Key dates

02Disclosure timeline

September 9, 2021 CVE published

August 3, 2024 Record updated

External resources

03References

NVD — National Vulnerability Database https://nvd.nist.gov/vuln/detail/CVE-2021-25459 CWE — Common Weakness Enumeration https://cwe.mitre.org/data/definitions/285.html

Related vulnerabilities

04Related CVE

CVE-2023-6538 System Management Unit (SMU) versions prior to 14.8.7825.01, used to manage Hitachi Vantara NAS products is susceptible to unintended information disclosure via unprivileged access to SMU configuration backup data. CVE-2024-12347 Guangzhou Huayi Intelligent Technology Jeewms Druid Monitoring Interface index.html improper authorization CVE-2026-8747 Z-BlogPHP Commend Approval c_system_event.php CheckComment improper authorization CVE-2026-10285 DevaslanPHP project-management Ticket KanbanScrumHelper.php recordUpdated improper authorization CVE-2019-2386 Authorization session conflation

Identifiers

CVE CVE-2021-25459

CWE CWE-285

CVSS 4.0 / MEDIUM

Affected versions

Vendor Samsung Mobile

Product Samsung Mobile Devices

Affected ≥ Select Q(10.0), R(11.0) devices and < SMR Sep-2021 Release 1