CVE-2025-21077

Published Nov 5, 2025

Last updated 4 months ago

CVSS low 3.3

Overview

Description
Improper input validation in Samsung Email prior to version 6.2.06.0 allows local attackers to launch arbitrary activity with Samsung Email privilege.
Source
mobile.security@samsung.com
NVD status
Analyzed
Products
email

Risk scores

CVSS 3.1

Type
Primary
Base score
3.3
Impact score
1.4
Exploitability score
1.8
Vector string
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N
Severity
LOW

Weaknesses

nvd@nist.gov
NVD-CWE-noinfo

Social media

Hype score
Not currently trending

Configurations

Related CVEs

  1. Improper access control in Samsung Email prior to version 6.1.97.1 allows physical attackers to access data across multiple user profiles.CVE-2025-20894
  2. Use of implicit intent for sensitive communication in Samsung Email prior to version 6.1.94.2 allows local attackers to get sensitive information.CVE-2024-34636
  3. Improper privilege management vulnerability in Samsung Email prior to version 6.1.91.14 allows local attackers to access sensitive information.CVE-2024-20867
  4. Implicit intent hijacking vulnerability in Samsung Email prior to version 6.1.90.16 allows local attacker to get sensitive information.CVE-2024-20807

References

Sources include official advisories and independent security research.