Samsung Samsung

  1. Vendors
  2. Samsung

Don't miss out!

Thousands of developers use stack.watch to stay informed.
Get an email whenever new security vulnerabilities are reported in any Samsung product.

RSS Feeds for Samsung security vulnerabilities

Create a CVE RSS feed including security vulnerabilities found in Samsung products with stack.watch. Just hit watch, then grab your custom RSS feed url.

Products by Samsung Sorted by Most Security Vulnerabilities since 2018

Samsung Android350 vulnerabilities

Samsung Notes61 vulnerabilities

Samsung Exynos55 vulnerabilities

Samsung Mobile Devices54 vulnerabilities

Samsung Galaxy Store28 vulnerabilities

Samsung Internet25 vulnerabilities

Samsung Magicinfo 9 Server23 vulnerabilities

Samsung Account22 vulnerabilities

Samsung Smartthings19 vulnerabilities

Samsung Pass14 vulnerabilities

Samsung Blockchain Keystore12 vulnerabilities

Samsung Email12 vulnerabilities

Samsung Health11 vulnerabilities

Samsung Pass10 vulnerabilities

Samsung Email9 vulnerabilities

Samsung Cloud8 vulnerabilities

Samsung Members8 vulnerabilities

Samsung Gallery8 vulnerabilities

Samsung Flow7 vulnerabilities

Samsung Blockchain Keystore7 vulnerabilities

Samsung Data Management Server Firmware6 vulnerabilities

Samsung Flow6 vulnerabilities

Samsung Wear Os6 vulnerabilities

Samsung Rlottie4 vulnerabilities

Samsung Pay4 vulnerabilities

Samsung Magician4 vulnerabilities

Samsung Update3 vulnerabilities

Samsung Exynos 1380 Firmware3 vulnerabilities

Samsung Bixby2 vulnerabilities

Samsung Nearby Device Scanning2 vulnerabilities

Samsung Uphelper Library2 vulnerabilities

Samsung Easysetup2 vulnerabilities

Samsung Escargot2 vulnerabilities

Samsung Exynos 2200 Firmware2 vulnerabilities

Samsung Exynos Modem 5300 Firmware2 vulnerabilities

Samsung Galaxy S24 Firmware2 vulnerabilities

Samsung Group Sharing2 vulnerabilities

Samsung Assistant1 vulnerability

Samsung Dex1 vulnerability

Samsung Exynos 1080 Firmware1 vulnerability

Samsung Exynos 1280 Firmware1 vulnerability

Samsung Exynos 1330 Firmware1 vulnerability

Samsung Exynos 1480 Firmware1 vulnerability

Samsung Exynos W930 Firmware1 vulnerability

Samsung Galaxystore1 vulnerability

Recent Samsung Security Advisories

Advisory Title Published
SMR-Mar-2026 Samsung Mobile Security Maintenance Release SMR-Mar-2026 March 3, 2026
SMR-Feb-2026 Samsung Mobile Security Maintenance Release SMR-Feb-2026 February 3, 2026
SMR-Jan-2026 Samsung Mobile Security Maintenance Release SMR-Jan-2026 January 6, 2026
SMR-Dec-2025 Samsung Mobile Security Maintenance Release SMR-Dec-2025 December 2, 2025
SMR-Nov-2025 Samsung Mobile Security Maintenance Release SMR-Nov-2025 November 11, 2025

Known Exploited Samsung Vulnerabilities

The following Samsung vulnerabilities have been marked by CISA as Known to be Exploited by threat actors.

Title Description Added
Samsung Mobile Devices Out-of-Bounds Write Vulnerability Samsung mobile devices contain an out-of-bounds write vulnerability in libimagecodec.quram.so. This vulnerability could allow remote attackers to execute arbitrary code.
CVE-2025-21042 Exploit Probability: 1.8% 		November 10, 2025
Samsung Mobile Devices Out-of-Bounds Write Vulnerability Samsung mobile devices contain an out-of-bounds write vulnerability in libimagecodec.quram.so which allows remote attackers to execute arbitrary code.
CVE-2025-21043 Exploit Probability: 4.9% 		October 2, 2025
Samsung MagicINFO 9 Server Path Traversal Vulnerability Samsung MagicINFO 9 Server contains a path traversal vulnerability that allows an attacker to write arbitrary file as system authority.
CVE-2025-4632 Exploit Probability: 37.9% 		May 22, 2025
Samsung Mobile Devices Use-After-Free Vulnerability Samsung devices with selected Exynos chipsets contain a use-after-free vulnerability that allows malicious memory write and code execution.
CVE-2022-22265 Exploit Probability: 0.2% 		September 18, 2023
Samsung Mobile Devices Out-of-Bounds Read Vulnerability Samsung mobile devices contain an out-of-bounds read vulnerability within the modem interface driver due to a lack of boundary checking of a buffer in set_skb_priv(), leading to remote code execution by dereference of an invalid function pointer.
CVE-2021-25487 Exploit Probability: 2.4% 		June 29, 2023
Samsung Mobile Devices Improper Input Validation Vulnerability Samsung mobile devices contain an improper input validation vulnerability within the modem interface driver that results in a format string bug leading to kernel panic.
CVE-2021-25489 Exploit Probability: 0.4% 		June 29, 2023
Samsung Mobile Devices Race Condition Vulnerability Samsung mobile devices contain a race condition vulnerability within the MFC charger driver that leads to a use-after-free allowing for a write given a radio privilege is compromised.
CVE-2021-25394 Exploit Probability: 0.6% 		June 29, 2023
Samsung Mobile Devices Race Condition Vulnerability Samsung mobile devices contain a race condition vulnerability within the MFC charger driver that leads to a use-after-free allowing for a write given a radio privilege is compromised.
CVE-2021-25395 Exploit Probability: 0.2% 		June 29, 2023
Samsung Mobile Devices Unspecified Vulnerability Samsung mobile devices contain an unspecified vulnerability within DSP driver that allows attackers to load ELF libraries inside DSP.
CVE-2021-25371 Exploit Probability: 0.9% 		June 29, 2023
Samsung Mobile Devices Improper Boundary Check Vulnerability Samsung mobile devices contain an improper boundary check vulnerability within DSP driver that allows for out-of-bounds memory access.
CVE-2021-25372 Exploit Probability: 1.0% 		June 29, 2023
Samsung Mobile Devices Insertion of Sensitive Information Into Log File Vulnerability Samsung mobile devices running Android 11, 12, and 13 contain an insertion of sensitive information into log file vulnerability that allows a privileged, local attacker to conduct an address space layout randomization (ASLR) bypass.
CVE-2023-21492 Exploit Probability: 0.4% 		May 19, 2023
Samsung Mobile Devices Improper Access Control Vulnerability Samsung mobile devices contain an improper access control vulnerability in clipboard service which allows untrusted applications to read or write arbitrary files. This vulnerability was chained with CVE-2021-25369 and CVE-2021-25370.
CVE-2021-25337 Exploit Probability: 1.1% 		November 8, 2022
Samsung Mobile Devices Improper Access Control Vulnerability Samsung mobile devices using Mali GPU contains an improper access control vulnerability in sec_log file. Exploitation of the vulnerability exposes sensitive kernel information to the userspace. This vulnerability was chained with CVE-2021-25337 and CVE-2021-25370.
CVE-2021-25369 Exploit Probability: 0.2% 		November 8, 2022
Samsung Mobile Devices Memory Corruption Vulnerability Samsung mobile devices using Mali GPU contain an incorrect implementation handling file descriptor in dpu driver. This incorrect implementation results in memory corruption, leading to kernel panic. This vulnerability was chained with CVE-2021-25337 and CVE-2021-25369.
CVE-2021-25370 Exploit Probability: 0.2% 		November 8, 2022

The vulnerability CVE-2025-4632: Samsung MagicINFO 9 Server Path Traversal Vulnerability is in the top 5% of the currently known exploitable vulnerabilities.

By the Year

In 2026 there have been 27 vulnerabilities in Samsung with an average score of 7.4 out of ten. Last year, in 2025 Samsung had 191 security vulnerabilities published. Right now, Samsung is on track to have less security vulnerabilities in 2026 than it did last year. However, the average CVE base score of the vulnerabilities in 2026 is greater by 1.12.




Year Vulnerabilities Average Score
2026 27 7.41
2025 191 6.29
2024 230 5.95
2023 236 6.33
2022 147 5.66
2021 73 5.73
2020 10 8.10
2019 7 7.00
2018 20 7.71

It may take a day or so for new Samsung vulnerabilities to show up in the stats or in the list of recent security vulnerabilities. Additionally vulnerabilities may be tagged under a different product or component name.

Recent Samsung Security Vulnerabilities

CVE Date Vulnerability Products
CVE-2025-62816 Mar 03, 2026
Samsung Exynos SoC VS4L VertexIOC Bootup DoS An issue was discovered in Samsung Mobile Processor Exynos 1280, 2200, 1380, 1480, 2400, 1580, and 2500. Unvalidated VS4L_VERTEXIOC_BOOTUP input leads to a denial of service.
Exynos
CVE-2025-62814 Mar 03, 2026
Samsung Exynos Null Pointer Deref Denial-of-Service in load_fw_utc_vector() An issue was discovered in Samsung Mobile Processor Exynos 1280, 2200, 1380, 1480, and 2400. A NULL pointer dereference of ft_handle in load_fw_utc_vector() causes a denial of service.
Exynos
CVE-2026-20987 Feb 04, 2026
GalaxyDiagnostics <3.5.050 Improper Input Validation Enables Local Privileged Command Execution Improper input validation in GalaxyDiagnostics prior to version 3.5.050 allows local privileged attackers to execute privileged commands.
CVE-2026-20986 Feb 04, 2026
Path traversal: Samsung Members <15.5.05.4 allowing local data overwrite Path traversal in Samsung Members prior to Chinese version 15.5.05.4 allows local attackers to overwrite data within Samsung Members.
Members
CVE-2026-20985 Feb 04, 2026
Samsung Members <5.6.00.11 Improper Input Validation Allows Remote Activity Launch Improper input validation in Samsung Members prior to version 5.6.00.11 allows remote attackers to connect arbitrary URL and launch arbitrary activity with Samsung Members privilege. User interaction is required for triggering this vulnerability.
Members
CVE-2026-20984 Feb 04, 2026
Galaxy Wearable <2.2.68 Improper Permission Handling Allows Local Info Disclosure Improper handling of insufficient permission in Galaxy Wearable installed on non-Samsung Device prior to version 2.2.68 allows local attackers to access sensitive information.
CVE-2026-20983 Feb 04, 2026
Samsung Dialer local privilege escalation via exported activity (CVE-2026-20983) Improper export of android application components in Samsung Dialer prior to SMR Feb-2026 Release 1 allows local attackers to launch arbitrary activity with Samsung Dialer privilege.
Samsung Mobile Devices
CVE-2026-20982 Feb 04, 2026
Local Path Traversal in Windows ShortcutService Privileged File Creation Path traversal in ShortcutService prior to SMR Feb-2026 Release 1 allows privileged local attacker to create file with system privilege.
Samsung Mobile Devices
CVE-2026-20981 Feb 04, 2026
FacAtFunction Input Validation flaw allows system privilege exec Improper input validation in FacAtFunction prior to SMR Feb-2026 Release 1 allows privileged physical attacker to execute arbitrary command with system privilege.
Samsung Mobile Devices
CVE-2026-20980 Feb 04, 2026
Improper Input Validation in PACM Enables Physical Command Execution Improper input validation in PACM prior to SMR Feb-2026 Release 1 allows physical attacker to execute arbitrary commands.
Samsung Mobile Devices
CVE-2026-20979 Feb 04, 2026
Android Settings Privilege Escalation via Improper Priv Management Improper privilege management in Settings prior to SMR Feb-2026 Release 1 allows local attackers to launch arbitrary activity with Settings privilege.
Samsung Mobile Devices
CVE-2026-20978 Feb 04, 2026
CVE-2026-20978: Improper Auth in Samsung KnoxGuardManager persistence Bypass Improper authorization in KnoxGuardManager prior to SMR Feb-2026 Release 1 allows local attackers to bypass the persistence configuration of the application.
Samsung Mobile Devices
CVE-2026-20977 Feb 04, 2026
Improper Access Control in Emergency Sharing (local attacker interruption) Improper access control in Emergency Sharing prior to SMR Feb-2026 Release 1 allows local attackers to interrupt its functioning.
Samsung Mobile Devices
CVE-2025-58347 Feb 03, 2026
Samsung Exynos WiFi Driver: Unbounded Mem Alloc Causing Kernel Exhaustion An issue was discovered in the Wi-Fi driver in Samsung Mobile Processor and Wearable Processor Exynos 980, 850, 1080, 1280, 1330, 1380, 1480, 1580, W920, W930 and W1000. There is unbounded memory allocation via a large buffer in a /proc/driver/unifi0/p2p_certif write operation, leading to kernel memory exhaustion.
Exynos
CVE-2026-25202 Feb 02, 2026
MagicINFO 9 Server 21.1090.1: Hardcoded DB Credentials Allow Unauth DB Access The database account and password are hardcoded, allowing login with the account to manipulate the database in MagicInfo9 Server.This issue affects MagicINFO 9 Server: less than 21.1090.1.
Magicinfo 9 Server
CVE-2026-25201 Feb 02, 2026
MagicINFO 9 Server <21.1090.1 Unauth Remote File Upload RCE An unauthenticated user can upload arbitrary files to execute remote code, leading to privilege escalation in MagicInfo9 Server. This issue affects MagicINFO 9 Server: less than 21.1090.1.
Magicinfo 9 Server
CVE-2026-25200 Feb 02, 2026
MagicINFO 9 Server <=21.1090.1 Stored XSS via Unauth HTML Upload A vulnerability in MagicInfo9 Server allows authorized users to upload HTML files without authentication, leading to Stored XSS, which can result in account takeover This issue affects MagicINFO 9 Server: less than 21.1090.1.
Magicinfo 9 Server
CVE-2026-20976 Jan 09, 2026
Galaxy Store <4.6.02: PIV -> local script exec Improper input validation in Galaxy Store prior to version 4.6.02 allows local attacker to execute arbitrary script.
Galaxy Store
CVE-2026-20975 Jan 09, 2026
Samsung Cloud <=5.6.10 Improper Permission Handling (File Exposure) Improper handling of insufficient permission in Samsung Cloud prior to version 5.6.11 allows local attackers to access specific files in arbitrary path.
Cloud
CVE-2026-20974 Jan 09, 2026
Samsung Mobile SMR Jan-2026 Input Validation Bypass of Carrier Relock Improper input validation in data related to network restrictions prior to SMR Jan-2026 Release 1 allows physical attackers to bypass Carrier Relock.
Samsung Mobile Devices
CVE-2026-20973 Jan 09, 2026
Samsung Mobile libimagecodec.quram.so OOB Read Vulnerability Out-of-bounds read in libimagecodec.quram.so prior to SMR Jan-2026 Release 1 allows remote attacker to access out-of-bounds memory.
Samsung Mobile Devices
CVE-2026-20972 Jan 09, 2026
Samsung UwbTest Improper Export Enables Local UWB Improper Export of Android Application Components in UwbTest prior to SMR Jan-2026 Release 1 allows local attackers to enable UWB.
Samsung Mobile Devices
CVE-2026-20971 Jan 09, 2026
Use-After-Free in Samsung PROCA Driver Enables Local Code Execution Use After Free in PROCA driver prior to SMR Jan-2026 Release 1 allows local attackers to potentially execute arbitrary code.
Samsung Mobile Devices
CVE-2026-20970 Jan 09, 2026
Samsung SLocation Improper ACL Enables Privileged API Exec Improper access control in SLocation prior to SMR Jan-2026 Release 1 allows local attackers to execute the privileged APIs.
Samsung Mobile Devices
CVE-2026-20969 Jan 09, 2026
Samsung SecSettings Local Priv Escalation via Input Validation Improper input validation in SecSettings prior to SMR Jan-2026 Release 1 allows local attacker to access file with system privilege. User interaction is required for triggering this vulnerability.
Samsung Mobile Devices
CVE-2026-20968 Jan 09, 2026
DualDAR Use-After-Free Exploit, Local Privilege Escalation Use after free in DualDAR prior to SMR Jan-2026 Release 1 allows local privileged attackers to execute arbitrary code.
Samsung Mobile Devices
CVE-2025-52519 Jan 05, 2026
Samsung Exynos G3 Camera Driver Improper Validation Info Disclosure & DoS An issue was discovered in the Camera in Samsung Mobile Processor and Wearable Processor Exynos 1330, 1380, 1480, 2400, 1580, and 2500. Improper validation of user-space input in the issimian device driver leads to information disclosure and a denial of service.
Exynos
CVE-2025-58488 Dec 02, 2025
CVE-2025-58488: Improper Comm Channel Verification in SmartTouchCall <1.0.1.1 Improper verification of source of a communication channel in SmartTouchCall prior to version 1.0.1.1 allows remote attackers to access sensitive information. User interaction is required for triggering this vulnerability.
CVE-2025-58487 Dec 02, 2025
Improper Auth in Samsung Account <15.5.01.1: Local Attacker Spawns Activity Improper authorization in Samsung Account prior to version 15.5.01.1 allows local attacker to launch arbitrary activity with Samsung Account privilege.
Account
CVE-2025-58486 Dec 02, 2025
Samsung Account <15.5.01.1 Improper Input Validation Enables Local Script Exec Improper input validation in Samsung Account prior to version 15.5.01.1 allows local attacker to execute arbitrary script.
Account
CVE-2025-58485 Dec 02, 2025
Samsung Internet <29.0.0.48 Script Injection (Local) Improper input validation in Samsung Internet prior to version 29.0.0.48 allows local attackers to inject arbitrary script.
Internet
CVE-2025-58484 Dec 02, 2025
Samsung Cloud Assistant 8.0.03.8 Default Permission Flaw Incorrect default permissions in Samsung Cloud Assistant prior to version 8.0.03.8 allows local attacker to access partial data in sandbox.
Cloud
CVE-2025-58483 Dec 02, 2025
Galaxy Store: Improper export of Android allows local installs (1.0.06.28) Improper export of android application components in Galaxy Store for Galaxy Watch prior to version 1.0.06.29 allows local attacker to install arbitrary application on Galaxy Store.
Galaxy Store
CVE-2025-58482 Dec 02, 2025
MotionPhoto <4.1.51 Improper ACL in MPLocalService Enables Privileged Service Improper access control in MPLocalService of MotionPhoto prior to version 4.1.51 allows local attackers to start privileged service.
CVE-2025-58481 Dec 02, 2025
MotionPhoto <4.1.51 Improper Access Control in MPRemoteService Improper access control in MPRemoteService of MotionPhoto prior to version 4.1.51 allows local attackers to start privileged service.
CVE-2025-58480 Dec 02, 2025
Heap Overflow in libimagecodec.quram.so (CVE-2025-58480) Heap-based buffer overflow in libimagecodec.quram.so prior to SMR Dec-2025 Release 1 allows remote attackers to access out-of-bounds memory.
Samsung Mobile Devices
CVE-2025-58479 Dec 02, 2025
Qualcomm libimagecodec.quram.so OOB Read Remote Out-of-bounds read in libimagecodec.quram.so prior to SMR Dec-2025 Release 1 allows remote attackers to access out-of-bounds memory.
Samsung Mobile Devices
CVE-2025-58478 Dec 02, 2025
Out-of-bounds write in libimagecodec.quram.so allows remote memory access Out-of-bounds write in libimagecodec.quram.so prior to SMR Dec-2025 Release 1 allows remote attackers to access out-of-bounds memory.
Samsung Mobile Devices
CVE-2025-58477 Dec 02, 2025
libimagecodec.quram.so OOB Write in IFD Tag Parsing Out-of-bounds write in parsing IFD tag in libimagecodec.quram.so prior to SMR Dec-2025 Release 1 allows remote attackers to access out-of-bounds memory.
Samsung Mobile Devices
CVE-2025-58476 Dec 02, 2025
Out-of-Bounds Read in Bootloader (CVE-2025-58476) Out-of-bounds read vulnerability in bootloader prior to SMR Dec-2025 Release 1 allows physical attackers to access out-of-bounds memory.
Samsung Mobile Devices
CVE-2025-58475 Dec 02, 2025
Android: libsecril.so OOB Write via Input Validation Improper input validation in libsec-ril.so prior to SMR Dec-2025 Release 1 allows local privileged attackers to write out-of-bounds memory.
Samsung Mobile Devices
CVE-2025-21080 Dec 02, 2025
CVE-2025-21080: Improper Export of Android Dynamic Lockscreen Enables Local Access Improper export of android application components in Dynamic Lockscreen prior to SMR Dec-2025 Release 1 allows local attackers to access files with Dynamic Lockscreen's privilege.
Samsung Mobile Devices
CVE-2025-21072 Dec 02, 2025
Fingerprint Trustlet OOB Write in Metadata Decoding (CVE-2025-21072) Out-of-bounds write in decoding metadata in fingerprint trustlet prior to SMR Dec-2025 Release 1 allows local privileged attackers to write out-of-bounds memory.
Samsung Mobile Devices
CVE-2025-21079 Nov 05, 2025
Samsung Members <=5.5.01.3 Input Validation Allows Remote URL & Activity Improper input validation in Samsung Members prior to version 5.5.01.3 allows remote attackers to connect arbitrary URL and launch arbitrary activity with Samsung Members privilege. User interaction is required for triggering this vulnerability.
Members
CVE-2025-21078 Nov 05, 2025
Insufficient Random secretKey in Smart Switch <3.7.68.6 Adjacent Attack Backup Access Use of insufficiently random value of secretKey in Smart Switch prior to version 3.7.68.6 allows adjacent attackers to access backup data from applications.
Smart Switch
CVE-2025-21077 Nov 05, 2025
Samsung Email local privilege escalation via input validation before 6.2.06.0 Improper input validation in Samsung Email prior to version 6.2.06.0 allows local attackers to launch arbitrary activity with Samsung Email privilege.
Email
CVE-2025-21076 Nov 05, 2025
Samsung Account Improper Permission Handling <15.5.00.18 Improper handling of insufficient permissions or privileges in Samsung Account prior to version 15.5.00.18 allows local attackers to access data in Samsung Account. User interaction is required for triggering this vulnerability.
Account
CVE-2025-21075 Nov 05, 2025
OOB write in libimagecodec.quram.so (Qualcomm) permits remote memory access Out-of-bounds write in libimagecodec.quram.so prior to SMR Nov-2025 Release 1 allows remote attackers to access out-of-bounds memory.
Samsung Mobile Devices
CVE-2025-21074 Nov 05, 2025
Out-of-bounds read in Qualcomm libimagecodec.quram.so (CVE-2025-21074) Out-of-bounds read in libimagecodec.quram.so prior to SMR Nov-2025 Release 1 allows remote attackers to access out-of-bounds memory.
Samsung Mobile Devices
CVE-2025-21073 Nov 05, 2025
Samsung SMR 1.0: USB Default Config Enables Physical Data Access Insecure default configuration in USB connection mode prior to SMR Nov-2025 Release 1 allows privileged physical attackers to access user data. User interaction is required for triggering this vulnerability.
Samsung Mobile Devices
Built by Foundeo Inc., with data from the National Vulnerability Database (NVD). Privacy Policy. Use of this site is governed by the Legal Terms
Disclaimer
CONTENT ON THIS WEBSITE IS PROVIDED ON AN "AS IS" BASIS AND DOES NOT IMPLY ANY KIND OF GUARANTEE OR WARRANTY, INCLUDING THE WARRANTIES OF MERCHANTABILITY OR FITNESS FOR A PARTICULAR USE. YOUR USE OF THE INFORMATION ON THE DOCUMENT OR MATERIALS LINKED FROM THE DOCUMENT IS AT YOUR OWN RISK. Always check with your vendor for the most up to date, and accurate information.