CVE-2021-25337 in Google and Samsung Products
Published on March 4, 2021

Improper access control in clipboard service in Samsung mobile devices prior to SMR Mar-2021 Release 1 allows untrusted applications to read or write certain local files.

Vendor Advisory Vendor Advisory Vendor Advisory Vendor Advisory NVD

Known Exploited Vulnerability

This Samsung Mobile Devices Improper Access Control Vulnerability is part of CISA's list of Known Exploited Vulnerabilities. Samsung mobile devices contain an improper access control vulnerability in clipboard service which allows untrusted applications to read or write arbitrary files. This vulnerability was chained with CVE-2021-25369 and CVE-2021-25370.

The following remediation steps are recommended / required by November 29, 2022: Apply updates per vendor instructions.

Vulnerability Analysis

CVE-2021-25337 can be exploited with local system access, requires user interaction. This vulnerability is considered to have a low attack complexity. It has an exploitability score of 1.8 out of four. The potential impact of an exploit of this vulnerability is considered to have a high impact on confidentiality and integrity, and no impact on availability.

Products Associated with CVE-2021-25337

You can be notified by stack.watch whenever vulnerabilities like CVE-2021-25337 are published in these products:

Google Android

Samsung Android

What versions are vulnerable to CVE-2021-25337?

Samsung Android Version 10.0 smr-aug-2020-r1
Samsung Android Version 10.0 smr-dec-2019-r1
Samsung Android Version 10.0 smr-dec-2020-r1
Samsung Android Version 10.0 smr-feb-2020-r1
Samsung Android Version 10.0 smr-feb-2021-r1
Samsung Android Version 10.0 smr-jan-2020-r1
Samsung Android Version 10.0 smr-jan-2021-r1
Samsung Android Version 10.0 smr-jul-2020-r1
Samsung Android Version 10.0 smr-jun-2020-r1
Samsung Android Version 10.0 smr-mar-2020-r1
Samsung Android Version 10.0 smr-may-2020-r1
Samsung Android Version 10.0 smr-nov-2019-r1
Samsung Android Version 10.0 smr-nov-2020-r1
Samsung Android Version 10.0 smr-oct-2020-r1
Samsung Android Version 10.0 smr-sep-2020-r1
Samsung Android Version 11.0 smr-dec-2020-r1
Samsung Android Version 11.0 smr-feb-2021-r1
Samsung Android Version 11.0 smr-jan-2021-r1
Samsung Android Version 9.0 smr-apr-2019-r1
Samsung Android Version 9.0 smr-apr-2020-r1
Samsung Android Version 9.0 smr-aug-2019-r1
Samsung Android Version 9.0 smr-aug-2020-r1
Samsung Android Version 9.0 smr-dec-2018-r1
Samsung Android Version 9.0 smr-dec-2019-r1
Samsung Android Version 9.0 smr-dec-2020-r1
Samsung Android Version 9.0 smr-feb-2019-r1
Samsung Android Version 9.0 smr-feb-2020-r1
Samsung Android Version 9.0 smr-feb-2021-r1
Samsung Android Version 9.0 smr-jan-2019-r1
Samsung Android Version 9.0 smr-jan-2020-r1
Samsung Android Version 9.0 smr-jan-2021-r1
Samsung Android Version 9.0 smr-jul-2019-r1
Samsung Android Version 9.0 smr-jul-2020-r1
Samsung Android Version 9.0 smr-jun-2019-r1
Samsung Android Version 9.0 smr-jun-2020-r1
Samsung Android Version 9.0 smr-mar-2019-r1
Samsung Android Version 9.0 smr-mar-2020-r1
Samsung Android Version 9.0 smr-may-2019-r1
Samsung Android Version 9.0 smr-may-2020-r1
Samsung Android Version 9.0 smr-nov-2018-r1
Samsung Android Version 9.0 smr-nov-2019-r1
Samsung Android Version 10.0 smr-apr-2020-r1
Samsung Android Version 9.0 smr-nov-2020-r1
Samsung Android Version 9.0 smr-oct-2018-r1
Samsung Android Version 9.0 smr-oct-2019-r1
Samsung Android Version 9.0 smr-oct-2020-r1
Samsung Android Version 9.0 smr-sep-2019-r1
Samsung Android Version 9.0 smr-sep-2020-r1

CVE-2021-25337 in Google and Samsung ProductsPublished on March 4, 2021

Known Exploited Vulnerability

Vulnerability Analysis

Products Associated with CVE-2021-25337

What versions are vulnerable to CVE-2021-25337?

CVE-2021-25337 in Google and Samsung Products
Published on March 4, 2021