CVE-2025-21076

Published Nov 5, 2025

Last updated 4 months ago

CVSS medium 5.5

Overview

Description
Improper handling of insufficient permissions or privileges in Samsung Account prior to version 15.5.00.18 allows local attackers to access data in Samsung Account. User interaction is required for triggering this vulnerability.
Source
mobile.security@samsung.com
NVD status
Analyzed
Products
account

Risk scores

CVSS 3.1

Type
Secondary
Base score
5.5
Impact score
3.6
Exploitability score
1.8
Vector string
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N
Severity
MEDIUM

Weaknesses

nvd@nist.gov
NVD-CWE-Other

Social media

Hype score
Not currently trending

Configurations

Related CVEs

  1. Improper neutralization of input during web page generation ('cross-site scripting') in Microsoft Account allows an unauthorized attacker to perform spoofing over a network.CVE-2026-21264
  2. Improper authorization in Samsung Account prior to version 15.5.01.1 allows local attacker to launch arbitrary activity with Samsung Account privilege.CVE-2025-58487
  3. Improper input validation in Samsung Account prior to version 15.5.01.1 allows local attacker to execute arbitrary script.CVE-2025-58486
  4. Improper URL input validation vulnerability in Samsung Account application prior to version 14.1.0.0 allows remote attackers to get sensitive information.CVE-2023-21481
  5. Missing authorization in Microsoft Account allows an unauthorized attacker to elevate privileges over a network.CVE-2025-21396

References

Sources include official advisories and independent security research.