CVE-2023-21481

Published Sep 3, 2025

Last updated 6 months ago

CVSS medium 5.4

Overview

Description
Improper URL input validation vulnerability in Samsung Account application prior to version 14.1.0.0 allows remote attackers to get sensitive information.
Source
mobile.security@samsung.com
NVD status
Analyzed
Products
account

Risk scores

CVSS 3.1

Type
Primary
Base score
7.5
Impact score
3.6
Exploitability score
3.9
Vector string
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Severity
HIGH

Weaknesses

nvd@nist.gov
NVD-CWE-noinfo

Social media

Hype score
Not currently trending

  1. CVE-2023-21481 Improper URL input validation vulnerability in Samsung Account application prior to version 14.1.0.0 allows remote attackers to get sensitive information. https://t.co/WKNqtM7gbN

    @CVEnew

    3 Sept 2025

    297 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

Configurations

Related CVEs

  1. Improper neutralization of input during web page generation ('cross-site scripting') in Microsoft Account allows an unauthorized attacker to perform spoofing over a network.CVE-2026-21264
  2. Improper authorization in Samsung Account prior to version 15.5.01.1 allows local attacker to launch arbitrary activity with Samsung Account privilege.CVE-2025-58487
  3. Improper input validation in Samsung Account prior to version 15.5.01.1 allows local attacker to execute arbitrary script.CVE-2025-58486
  4. Improper handling of insufficient permissions or privileges in Samsung Account prior to version 15.5.00.18 allows local attackers to access data in Samsung Account. User interaction is required for triggering this vulnerability.CVE-2025-21076
  5. Missing authorization in Microsoft Account allows an unauthorized attacker to elevate privileges over a network.CVE-2025-21396

References

Sources include official advisories and independent security research.