CVE-2025-21067

Published Oct 10, 2025

Last updated 5 months ago

CVSS medium 4.0

Overview

Description
Out-of-bounds read in the allocation of image buffer in Samsung Notes prior to version 4.4.30.63 allows local attackers to access out-of-bounds memory.
Source
mobile.security@samsung.com
NVD status
Analyzed
Products
notes

Risk scores

CVSS 3.1

Type
Primary
Base score
7.1
Impact score
5.2
Exploitability score
1.8
Vector string
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H
Severity
HIGH

Weaknesses

nvd@nist.gov
CWE-125

Social media

Hype score
Not currently trending

Configurations

Related CVEs

  1. Out-of-bounds write in the SPI decoder in Samsung Notes prior to version 4.4.30.63 allows local attackers to write out-of-bounds memory.CVE-2025-21070
  2. Out-of-bounds read in the parsing of image data in Samsung Notes prior to version 4.4.30.63 allows local attackers to access out-of-bounds memory.CVE-2025-21069
  3. Out-of-bounds read in the reading of image data in Samsung Notes prior to version 4.4.30.63 allows local attackers to access out-of-bounds memory.CVE-2025-21068
  4. Out-of-bounds read in the SPI decoder in Samsung Notes prior to version 4.4.30.63 allows local attackers to access out-of-bounds memory.CVE-2025-21066
  5. Use of implicit intent for sensitive communication in Samsung Notes prior to version 4.4.30.63 allows local attackers to access shared notes.CVE-2025-21057

References

Sources include official advisories and independent security research.