SB2025080565 - Multiple vulnerabilities in Samsung products

CSH
CYBERSECURITY HELP
Sign In REGISTER

Main Vulnerability Database SB2025080565

SB2025080565 - Multiple vulnerabilities in Samsung products

Published: August 5, 2025

Security Bulletin ID SB2025080565
Severity
Low
Patch available
YES
Number of vulnerabilities 8
Exploitation vector Remote access
Highest impact Code execution

Breakdown by Severity

Low 100%
  • Low
  • Medium
  • High
  • Critical

Description

This security bulletin contains information about 8 secuirty vulnerabilities.


1) Out-of-bounds write (CVE-ID: CVE-2025-21017)

The vulnerability allows a local user to compromise vulnerable system.

The vulnerability exists due to a boundary error when processing untrusted input in detaching crypto box. A local user can trigger an out-of-bounds write and execute arbitrary code on the target system.


2) Out-of-bounds read (CVE-ID: CVE-2025-21018)

The vulnerability allows a local user to gain access to potentially sensitive information.

The vulnerability exists due to a boundary condition. A local user can trigger an out-of-bounds read error and read contents of memory on the system.


3) Improper Authorization (CVE-ID: CVE-2025-21019)

The vulnerability allows a local attacker to bypass authorization checks.

The vulnerability exists due to improper authorization. A local attacker can bypass authorization and gain access to sensitive information.


4) Out-of-bounds write (CVE-ID: CVE-2025-21020)

The vulnerability allows a local user to compromise vulnerable system.

The vulnerability exists due to a boundary error when processing untrusted input in creating bitmap images. A local user can trigger an out-of-bounds write and execute arbitrary code on the target system.


5) Out-of-bounds write (CVE-ID: CVE-2025-21021)

The vulnerability allows a local user to compromise vulnerable system.

The vulnerability exists due to a boundary error when processing untrusted input in drawing pinpad. A local user can out-of-bounds write and execute arbitrary code on the target system.


6) Improper access control (CVE-ID: CVE-2025-21022)

The vulnerability allows a local attacker to gain unauthorized access to otherwise restricted functionality.

The vulnerability exists due to improper access restrictions. A local attacker can bypass implemented security restrictions and gain unauthorized access to sensitive information.


7) Improper access control (CVE-ID: CVE-2025-21023)

The vulnerability allows a local attacker to gain unauthorized access to otherwise restricted functionality.

The vulnerability exists due to improper access restrictions in WcsExtension. A local attacker can bypass implemented security restrictions and gain unauthorized access to sensitive information.


8) Use of implicit intent for sensitive communication (CVE-ID: CVE-2025-21024)

The vulnerability allows a local attacker to compromise the target system.

The vulnerability exists due to use of implicit intent for sensitive communication. A local attacker can gain access to sensitive information.


Remediation

Install update from vendor's website.

References