SB2025090311 - Multiple vulnerabilities in Samsung products
Published: September 3, 2025
Description
This security bulletin contains information about 7 security vulnerabilities.
1) Improper access control (CVE-ID: CVE-2025-21037)
The vulnerability allows a local attacker to gain unauthorized access to otherwise restricted functionality.
The vulnerability exists due to improper access restrictions. An attacker with physical access can bypass implemented security restrictions and gain access to data across multiple user profiles.
2) Improper Verification of Intent by Broadcast Receiver (CVE-ID: CVE-2025-21040)
The vulnerability allows a local attacker to compromise the target system.
The vulnerability exists due to improper verification of intent by ExternalBroadcastReceiver. A local attacker can modify itinerary information.
3) Improper access control (CVE-ID: CVE-2025-21036)
The vulnerability allows a local user to gain unauthorized access to otherwise restricted functionality.
The vulnerability exists due to improper access restrictions. A local user can bypass implemented security restrictions and gain unauthorized access to exported note files.
4) Improper access control (CVE-ID: CVE-2025-21035)
The vulnerability allows a local attacker to gain unauthorized access to otherwise restricted functionality.
The vulnerability exists due to improper access restrictions. An attacker with physical access can bypass implemented security restrictions and gain unauthorized access to data across multiple user profiles.
5) Improper Verification of Intent by Broadcast Receiver (CVE-ID: CVE-2025-21038)
The vulnerability allows a local attacker to compromise the target system.
The vulnerability exists due to improper verification of intent by SamsungExceptionalBroadcastReceiver. A local attacker can modify itinerary information.
6) Improper Verification of Intent by Broadcast Receiver (CVE-ID: CVE-2025-21039)
The vulnerability allows a local attacker to compromise the target system.
The vulnerability exists due to improper verification of intent by SystemExceptionalBroadcastReceiver. A local attacker can modify itinerary information.
7) Insecure Storage of Sensitive Information (CVE-ID: CVE-2025-21041)
The vulnerability allows a local attacker to compromise the target system.
The vulnerability exists due to insecure storage of sensitive information. A local attacker can gain access to sensitive information on the system.
Remediation
Install the update from the vendor's website.