Samsung

Products by Samsung Sorted by Most Security Vulnerabilities since 2018

Samsung Android: 349 vulnerabilities
Samsung Notes: 61 vulnerabilities
Samsung Exynos: 51 vulnerabilities
Samsung Mobile Devices: 42 vulnerabilities
Samsung Galaxy Store: 28 vulnerabilities
Samsung Internet: 25 vulnerabilities
Samsung Account: 22 vulnerabilities
Samsung Magicinfo 9 Server: 20 vulnerabilities
Samsung Smartthings: 19 vulnerabilities
Samsung Pass: 14 vulnerabilities
Samsung Blockchain Keystore: 12 vulnerabilities
Samsung Health: 11 vulnerabilities
Samsung Pass: 10 vulnerabilities
Samsung Email: 10 vulnerabilities
Samsung Email: 9 vulnerabilities
Samsung Cloud: 8 vulnerabilities
Samsung Gallery: 8 vulnerabilities
Samsung Flow: 7 vulnerabilities
Samsung Blockchain Keystore: 7 vulnerabilities
Samsung Members: 6 vulnerabilities
Samsung Flow: 6 vulnerabilities
Samsung Wear Os: 6 vulnerabilities
Samsung Rlottie: 4 vulnerabilities
Samsung Pay: 4 vulnerabilities
Samsung Magician: 4 vulnerabilities
Samsung Exynos 1380 Firmware: 3 vulnerabilities
Samsung Bixby: 2 vulnerabilities
Samsung Uphelper Library: 2 vulnerabilities
Samsung Easysetup: 2 vulnerabilities
Samsung Escargot: 2 vulnerabilities
Samsung Exynos 2200 Firmware: 2 vulnerabilities
Samsung Galaxy S24 Firmware: 2 vulnerabilities
Samsung Group Sharing: 2 vulnerabilities
Samsung Assistant: 1 vulnerability
Samsung Dex: 1 vulnerability
Samsung Galaxystore: 1 vulnerability

Recent Samsung Security Advisories

Advisory | Title | Published
SMR-Jan-2026 | Samsung Mobile Security Maintenance Release SMR-Jan-2026 | January 6, 2026
SMR-Dec-2025 | Samsung Mobile Security Maintenance Release SMR-Dec-2025 | December 2, 2025
SMR-Nov-2025 | Samsung Mobile Security Maintenance Release SMR-Nov-2025 | November 11, 2025

Known Exploited Samsung Vulnerabilities

The following Samsung vulnerabilities have been marked by CISA as Known to be Exploited by threat actors.

CVE-2025-21042
Title: Samsung Mobile Devices Out-of-Bounds Write Vulnerability
Description: Samsung mobile devices contain an out-of-bounds write vulnerability in libimagecodec.quram.so. This vulnerability could allow remote attackers to execute arbitrary code.
Exploit Probability: 2.8%
Added: November 10, 2025

CVE-2025-21043
Title: Samsung Mobile Devices Out-of-Bounds Write Vulnerability
Description: Samsung mobile devices contain an out-of-bounds write vulnerability in libimagecodec.quram.so which allows remote attackers to execute arbitrary code.
Exploit Probability: 11.3%
Added: October 2, 2025

CVE-2025-4632
Title: Samsung MagicINFO 9 Server Path Traversal Vulnerability
Description: Samsung MagicINFO 9 Server contains a path traversal vulnerability that allows an attacker to write arbitrary file as system authority.
Exploit Probability: 41.2%
Added: May 22, 2025

CVE-2022-22265
Title: Samsung Mobile Devices Use-After-Free Vulnerability
Description: Samsung devices with selected Exynos chipsets contain a use-after-free vulnerability that allows malicious memory write and code execution.
Exploit Probability: 0.2%
Added: September 18, 2023

CVE-2021-25487
Title: Samsung Mobile Devices Out-of-Bounds Read Vulnerability
Description: Samsung mobile devices contain an out-of-bounds read vulnerability within the modem interface driver due to a lack of boundary checking of a buffer in set_skb_priv(), leading to remote code execution by dereference of an invalid function pointer.
Exploit Probability: 2.4%
Added: June 29, 2023

CVE-2021-25489
Title: Samsung Mobile Devices Improper Input Validation Vulnerability
Description: Samsung mobile devices contain an improper input validation vulnerability within the modem interface driver that results in a format string bug leading to kernel panic.
Exploit Probability: 0.4%
Added: June 29, 2023

CVE-2021-25394
Title: Samsung Mobile Devices Race Condition Vulnerability
Description: Samsung mobile devices contain a race condition vulnerability within the MFC charger driver that leads to a use-after-free allowing for a write given a radio privilege is compromised.
Exploit Probability: 0.6%
Added: June 29, 2023

CVE-2021-25395
Title: Samsung Mobile Devices Race Condition Vulnerability
Description: Samsung mobile devices contain a race condition vulnerability within the MFC charger driver that leads to a use-after-free allowing for a write given a radio privilege is compromised.
Exploit Probability: 0.2%
Added: June 29, 2023

CVE-2021-25371
Title: Samsung Mobile Devices Unspecified Vulnerability
Description: Samsung mobile devices contain an unspecified vulnerability within DSP driver that allows attackers to load ELF libraries inside DSP.
Exploit Probability: 0.9%
Added: June 29, 2023

CVE-2021-25372
Title: Samsung Mobile Devices Improper Boundary Check Vulnerability
Description: Samsung mobile devices contain an improper boundary check vulnerability within DSP driver that allows for out-of-bounds memory access.
Exploit Probability: 0.9%
Added: June 29, 2023

CVE-2023-21492
Title: Samsung Mobile Devices Insertion of Sensitive Information Into Log File Vulnerability
Description: Samsung mobile devices running Android 11, 12, and 13 contain an insertion of sensitive information into log file vulnerability that allows a privileged, local attacker to conduct an address space layout randomization (ASLR) bypass.
Exploit Probability: 0.3%
Added: May 19, 2023

CVE-2021-25337
Title: Samsung Mobile Devices Improper Access Control Vulnerability
Description: Samsung mobile devices contain an improper access control vulnerability in clipboard service which allows untrusted applications to read or write arbitrary files. This vulnerability was chained with CVE-2021-25369 and CVE-2021-25370.
Exploit Probability: 0.3%
Added: November 8, 2022

CVE-2021-25369
Title: Samsung Mobile Devices Improper Access Control Vulnerability
Description: Samsung mobile devices using Mali GPU contain an improper access control vulnerability in sec_log file. Exploitation of the vulnerability exposes sensitive kernel information to the userspace. This vulnerability was chained with CVE-2021-25337 and CVE-2021-25370.
Exploit Probability: 0.2%
Added: November 8, 2022

CVE-2021-25370
Title: Samsung Mobile Devices Memory Corruption Vulnerability
Description: Samsung mobile devices using Mali GPU contain an incorrect implementation handling file descriptor in dpu driver. This incorrect implementation results in memory corruption, leading to kernel panic. This vulnerability was chained with CVE-2021-25337 and CVE-2021-25369.
Exploit Probability: 0.2%
Added: November 8, 2022

The vulnerability CVE-2025-4632: Samsung MagicINFO 9 Server Path Traversal Vulnerability is in the top 5% of the currently known exploitable vulnerabilities.

By the Year

In 2026 there have been 9 vulnerabilities in Samsung with an average score of 5.3 out of ten. Last year, in 2025, Samsung had 188 security vulnerabilities published. If vulnerabilities keep coming in at the current rate, the number of security vulnerabilities in Samsung in 2026 could surpass last year's number. Last year, the average CVE base score was greater by 0.97.




Year | Vulnerabilities | Average Score
2026 | 9 | 5.30
2025 | 188 | 6.27
2024 | 230 | 5.95
2023 | 236 | 6.33
2022 | 147 | 5.66
2021 | 73 | 5.73
2020 | 7 | 9.26
2019 | 7 | 7.16
2018 | 19 | 7.39

It may take a day or so for new Samsung vulnerabilities to show up in the stats or in the list of recent security vulnerabilities. Additionally, vulnerabilities may be tagged under a different product or component name.

Recent Samsung Security Vulnerabilities

CVE-2026-20976 (Jan 09, 2026)
Title: Improper input validation in Galaxy Store prior to version 4.6.02
Description: Improper input validation in Galaxy Store prior to version 4.6.02 allows local attacker to execute arbitrary script.
Products: Galaxy Store

CVE-2026-20975 (Jan 09, 2026)
Title: Improper handling of insufficient permission in Samsung Cloud prior to version 5.6.11
Description: Improper handling of insufficient permission in Samsung Cloud prior to version 5.6.11 allows local attackers to access specific files in arbitrary path.
Products: Cloud

CVE-2026-20974 (Jan 09, 2026)
Title: Improper input validation in data related to network restrictions prior to SMR Jan-2026 Release 1
Description: Improper input validation in data related to network restrictions prior to SMR Jan-2026 Release 1 allows physical attackers to bypass Carrier Relock.
Products: Samsung Mobile Devices

CVE-2026-20973 (Jan 09, 2026)
Title: Out-of-bounds read in libimagecodec.quram.so prior to SMR Jan-2026 Release 1
Description: Out-of-bounds read in libimagecodec.quram.so prior to SMR Jan-2026 Release 1 allows remote attacker to access out-of-bounds memory.
Products: Samsung Mobile Devices

CVE-2026-20972 (Jan 09, 2026)
Title: Improper Export of Android Application Components in UwbTest prior to SMR Jan-2026 Release 1
Description: Improper Export of Android Application Components in UwbTest prior to SMR Jan-2026 Release 1 allows local attackers to enable UWB.
Products: Samsung Mobile Devices

CVE-2026-20971 (Jan 09, 2026)
Title: Use After Free in PROCA driver prior to SMR Jan-2026 Release 1
Description: Use After Free in PROCA driver prior to SMR Jan-2026 Release 1 allows local attackers to potentially execute arbitrary code.
Products: Samsung Mobile Devices

CVE-2026-20970 (Jan 09, 2026)
Title: Improper access control in SLocation prior to SMR Jan-2026 Release 1
Description: Improper access control in SLocation prior to SMR Jan-2026 Release 1 allows local attackers to execute the privileged APIs.
Products: Samsung Mobile Devices

CVE-2026-20969 (Jan 09, 2026)
Title: Improper input validation in SecSettings prior to SMR Jan-2026 Release 1 allows local attacker to access file with system privilege
Description: Improper input validation in SecSettings prior to SMR Jan-2026 Release 1 allows local attacker to access file with system privilege. User interaction is required for triggering this vulnerability.
Products: Samsung Mobile Devices

CVE-2026-20968 (Jan 09, 2026)
Title: Use after free in DualDAR prior to SMR Jan-2026 Release 1
Description: Use after free in DualDAR prior to SMR Jan-2026 Release 1 allows local privileged attackers to execute arbitrary code.
Products: Samsung Mobile Devices

CVE-2025-58488 (Dec 02, 2025)
Title: CVE-2025-58488: Improper Comm Channel Verification in SmartTouchCall <1.0.1.1
Description: Improper verification of source of a communication channel in SmartTouchCall prior to version 1.0.1.1 allows remote attackers to access sensitive information. User interaction is required for triggering this vulnerability.

CVE-2025-58487 (Dec 02, 2025)
Title: Improper Auth in Samsung Account <15.5.01.1: Local Attacker Spawns Activity
Description: Improper authorization in Samsung Account prior to version 15.5.01.1 allows local attacker to launch arbitrary activity with Samsung Account privilege.
Products: Account

CVE-2025-58486 (Dec 02, 2025)
Title: Samsung Account <15.5.01.1 Improper Input Validation Enables Local Script Exec
Description: Improper input validation in Samsung Account prior to version 15.5.01.1 allows local attacker to execute arbitrary script.
Products: Account

CVE-2025-58485 (Dec 02, 2025)
Title: Samsung Internet <29.0.0.48 Script Injection (Local)
Description: Improper input validation in Samsung Internet prior to version 29.0.0.48 allows local attackers to inject arbitrary script.
Products: Internet

CVE-2025-58484 (Dec 02, 2025)
Title: Samsung Cloud Assistant 8.0.03.8 Default Permission Flaw
Description: Incorrect default permissions in Samsung Cloud Assistant prior to version 8.0.03.8 allows local attacker to access partial data in sandbox.
Products: Cloud

CVE-2025-58483 (Dec 02, 2025)
Title: Galaxy Store: Improper export of Android allows local installs (1.0.06.28)
Description: Improper export of android application components in Galaxy Store for Galaxy Watch prior to version 1.0.06.29 allows local attacker to install arbitrary application on Galaxy Store.
Products: Galaxy Store

CVE-2025-58482 (Dec 02, 2025)
Title: MotionPhoto <4.1.51 Improper ACL in MPLocalService Enables Privileged Service
Description: Improper access control in MPLocalService of MotionPhoto prior to version 4.1.51 allows local attackers to start privileged service.

CVE-2025-58481 (Dec 02, 2025)
Title: MotionPhoto <4.1.51 Improper Access Control in MPRemoteService
Description: Improper access control in MPRemoteService of MotionPhoto prior to version 4.1.51 allows local attackers to start privileged service.

CVE-2025-58480 (Dec 02, 2025)
Title: Heap Overflow in libimagecodec.quram.so (CVE-2025-58480)
Description: Heap-based buffer overflow in libimagecodec.quram.so prior to SMR Dec-2025 Release 1 allows remote attackers to access out-of-bounds memory.
Products: Samsung Mobile Devices

CVE-2025-58479 (Dec 02, 2025)
Title: Qualcomm libimagecodec.quram.so OOB Read Remote
Description: Out-of-bounds read in libimagecodec.quram.so prior to SMR Dec-2025 Release 1 allows remote attackers to access out-of-bounds memory.
Products: Samsung Mobile Devices

CVE-2025-58478 (Dec 02, 2025)
Title: Out-of-bounds write in libimagecodec.quram.so allows remote memory access
Description: Out-of-bounds write in libimagecodec.quram.so prior to SMR Dec-2025 Release 1 allows remote attackers to access out-of-bounds memory.
Products: Samsung Mobile Devices

CVE-2025-58477 (Dec 02, 2025)
Title: libimagecodec.quram.so OOB Write in IFD Tag Parsing
Description: Out-of-bounds write in parsing IFD tag in libimagecodec.quram.so prior to SMR Dec-2025 Release 1 allows remote attackers to access out-of-bounds memory.
Products: Samsung Mobile Devices

CVE-2025-58476 (Dec 02, 2025)
Title: Out-of-Bounds Read in Bootloader (CVE-2025-58476)
Description: Out-of-bounds read vulnerability in bootloader prior to SMR Dec-2025 Release 1 allows physical attackers to access out-of-bounds memory.
Products: Samsung Mobile Devices

CVE-2025-58475 (Dec 02, 2025)
Title: Android: libsecril.so OOB Write via Input Validation
Description: Improper input validation in libsec-ril.so prior to SMR Dec-2025 Release 1 allows local privileged attackers to write out-of-bounds memory.
Products: Samsung Mobile Devices

CVE-2025-21080 (Dec 02, 2025)
Title: CVE-2025-21080: Improper Export of Android Dynamic Lockscreen Enables Local Access
Description: Improper export of android application components in Dynamic Lockscreen prior to SMR Dec-2025 Release 1 allows local attackers to access files with Dynamic Lockscreen's privilege.
Products: Samsung Mobile Devices

CVE-2025-21072 (Dec 02, 2025)
Title: Fingerprint Trustlet OOB Write in Metadata Decoding (CVE-2025-21072)
Description: Out-of-bounds write in decoding metadata in fingerprint trustlet prior to SMR Dec-2025 Release 1 allows local privileged attackers to write out-of-bounds memory.
Products: Samsung Mobile Devices

CVE-2025-21079 (Nov 05, 2025)
Title: Samsung Members <=5.5.01.3 Input Validation Allows Remote URL & Activity
Description: Improper input validation in Samsung Members prior to version 5.5.01.3 allows remote attackers to connect arbitrary URL and launch arbitrary activity with Samsung Members privilege. User interaction is required for triggering this vulnerability.
Products: Members

CVE-2025-21078 (Nov 05, 2025)
Title: Insufficient Random secretKey in Smart Switch <3.7.68.6 Adjacent Attack Backup Access
Description: Use of insufficiently random value of secretKey in Smart Switch prior to version 3.7.68.6 allows adjacent attackers to access backup data from applications.
Products: Smart Switch

CVE-2025-21077 (Nov 05, 2025)
Title: Samsung Email local privilege escalation via input validation before 6.2.06.0
Description: Improper input validation in Samsung Email prior to version 6.2.06.0 allows local attackers to launch arbitrary activity with Samsung Email privilege.
Products: Email

CVE-2025-21076 (Nov 05, 2025)
Title: Samsung Account Improper Permission Handling <15.5.00.18
Description: Improper handling of insufficient permissions or privileges in Samsung Account prior to version 15.5.00.18 allows local attackers to access data in Samsung Account. User interaction is required for triggering this vulnerability.
Products: Account

CVE-2025-21075 (Nov 05, 2025)
Title: OOB write in libimagecodec.quram.so (Qualcomm) permits remote memory access
Description: Out-of-bounds write in libimagecodec.quram.so prior to SMR Nov-2025 Release 1 allows remote attackers to access out-of-bounds memory.
Products: Samsung Mobile Devices

CVE-2025-21074 (Nov 05, 2025)
Title: Out-of-bounds read in Qualcomm libimagecodec.quram.so (CVE-2025-21074)
Description: Out-of-bounds read in libimagecodec.quram.so prior to SMR Nov-2025 Release 1 allows remote attackers to access out-of-bounds memory.
Products: Samsung Mobile Devices

CVE-2025-21073 (Nov 05, 2025)
Title: Samsung SMR 1.0: USB Default Config Enables Physical Data Access
Description: Insecure default configuration in USB connection mode prior to SMR Nov-2025 Release 1 allows privileged physical attackers to access user data. User interaction is required for triggering this vulnerability.
Products: Samsung Mobile Devices

CVE-2025-21071 (Nov 05, 2025)
Title: OOB write in Fingerprint Trustlet (SMR Nov2025) local privileged
Description: Out-of-bounds write in handling opcode in fingerprint trustlet prior to SMR Nov-2025 Release 1 allows local privileged attackers to write out-of-bounds memory.
Products: Samsung Mobile Devices

CVE-2025-52512 (Nov 04, 2025)
Title: HTS Driver Condition Causes OOB Memory Access on Samsung Exynos
Description: An issue was discovered in Samsung Mobile Processor Exynos 2400, 1580, 2500. A race condition in the HTS driver results in out-of-bounds memory access, leading to a denial of service.
Products: Exynos

CVE-2025-54325 (Nov 04, 2025)
Title: Samsung Exynos VTS Driver Race Condition OOB Read Info Leak
Description: An issue was discovered in VTS in Samsung Mobile Processor and Wearable Processor Exynos 1080, 1280, 2200, 1380, 1480, 2400, 1580, 2500, W920, W930, W1000. A race condition in the VTS driver results in an out-of-bounds read, leading to an information leak.
Products: Exynos

CVE-2025-54323 (Nov 04, 2025)
Title: Samsung Exynos Camera Info Leakage via Improper Debug Printing
Description: An issue was discovered in the camera in Samsung Mobile Processor Exynos 980, 990, 850, 1080, 2100, 1280, 2200, 1330, 1380, 1480, 2400, and 1580. Improper debug printing leads to information leakage.
Products: Exynos

CVE-2025-54332 (Nov 04, 2025)
Title: Samsung Exynos NPU NULL Pointer Deref in profiler.node
Description: An issue was discovered in NPU in Samsung Mobile Processor Exynos 1380 through July 2025. There is a NULL Pointer Dereference of profiler.node in the npu_vertex_profileoff function.
Products: Exynos

CVE-2025-26782 (Oct 20, 2025)
Title: Samsung Exynos L2 DoS via RLC AM PDU Handling
Description: An issue was discovered in L2 in Samsung Mobile Processor, Wearable Processor, and Modem Exynos 980, 990, 850, 1080, 2100, 1280, 2200, 1330, 1380, 1480, 9110, W920, W930, Modem 5123, and Modem 5300. Incorrect handling of RLC AM PDUs leads to a Denial of Service.
Products: Exynos

CVE-2025-26781 (Oct 20, 2025)
Title: Samsung Exynos L2 RLC AM PDU DoS
Description: An issue was discovered in L2 in Samsung Mobile Processor, Wearable Processor, and Modem Exynos 980, 990, 850, 1080, 2100, 1280, 2200, 1330, 1380, 1480, 9110, W920, W930, Modem 5123, and Modem 5300. Incorrect handling of RLC AM PDUs leads to a Denial of Service.
Products: Exynos

CVE-2024-55568 (Oct 20, 2025)
Title: Samsung Exynos MM Packet NULL Check DoS
Description: An issue was discovered in Samsung Mobile Processor, Wearable Processor, and Modem Exynos 980, 990, 850, 1080, 2100, 1280, 2200, 1330, 1380, 1480, 2400, 9110, W920, W930, W1000, Modem 5123, Modem 5300, Modem 5400. The absence of a NULL check leads to a Denial of Service when an attacker sends malformed MM packets to the target.
Products: Exynos

CVE-2025-48025 (Oct 20, 2025)
Title: Improper Access Control in Samsung Exynos Log File
Description: In Samsung Mobile Processor and Wearable Processor Exynos 980, 850, 1280, 1330, 1380, 1480, 1580, W920, W930, and W1000, there is an improper access control vulnerability related to a log file.
Products: Exynos

CVE-2025-21050 (Oct 10, 2025)
Title: Microsoft Windows Contacts: Improper Input Validation Enables Local Data Access
Description: Improper input validation in Contacts prior to SMR Oct-2025 Release 1 allows local attackers to access data across multiple user profiles.

CVE-2025-21070 (Oct 10, 2025)
Title: Samsung Notes 4.4.30.63: OOB write in SPI decoder (CVE-2025-21070)
Description: Out-of-bounds write in the SPI decoder in Samsung Notes prior to version 4.4.30.63 allows local attackers to write out-of-bounds memory.
Products: Notes

CVE-2025-21069 (Oct 10, 2025)
Title: Samsung Notes OB-Read in Image Parsing Before 4.4.30.63
Description: Out-of-bounds read in the parsing of image data in Samsung Notes prior to version 4.4.30.63 allows local attackers to access out-of-bounds memory.
Products: Notes

CVE-2025-21068 (Oct 10, 2025)
Title: Samsung Notes OOB Read in Image Data (Pre-4.4.30.63)
Description: Out-of-bounds read in the reading of image data in Samsung Notes prior to version 4.4.30.63 allows local attackers to access out-of-bounds memory.
Products: Notes

CVE-2025-21067 (Oct 10, 2025)
Title: Samsung Notes OOB Read in image buffer (4.4.30.63)
Description: Out-of-bounds read in the allocation of image buffer in Samsung Notes prior to version 4.4.30.63 allows local attackers to access out-of-bounds memory.
Products: Notes

CVE-2025-21066 (Oct 10, 2025)
Title: CVE-2025-21066: OOB Read in Samsung Notes SPI Decoder <4.4.30.63
Description: Out-of-bounds read in the SPI decoder in Samsung Notes prior to version 4.4.30.63 allows local attackers to access out-of-bounds memory.
Products: Notes

CVE-2025-21065 (Oct 10, 2025)
Title: Invalid Input in RM before v5.59.11 Enables Privileged Cmd Exec
Description: Improper input validation in Retail Mode prior to version 5.59.11 allows self attackers to execute privileged commands on their own devices.

CVE-2025-21064 (Oct 10, 2025)
Title: Improper Auth in Smart Switch pre-3.7.66.6: Adjacent Attacker Data Access
Description: Improper authentication in Smart Switch prior to version 3.7.66.6 allows adjacent attackers to access transferring data.

CVE-2025-21063 (Oct 10, 2025)
Title: Samsung Voice Record: Physical Access on Lock Screen before 21.5.73.12
Description: Improper access control in Samsung Voice Recorder prior to version 21.5.73.12 in Android 15 and 21.5.81.40 in Android 16 allows physical attackers to access recording files on the lock screen.
Built by Foundeo Inc., with data from the National Vulnerability Database (NVD).