CVE-2021-25337 is a vulnerability in Google Android
Published on March 4, 2021
Improper access control in clipboard service in Samsung mobile devices prior to SMR Mar-2021 Release 1 allows untrusted applications to read or write certain local files.
Known Exploited Vulnerability
This Samsung Mobile Devices Improper Access Control Vulnerability is part of CISA's list of Known Exploited Vulnerabilities. Samsung mobile devices contain an improper access control vulnerability in clipboard service which allows untrusted applications to read or write arbitrary files. This vulnerability was chained with CVE-2021-25369 and CVE-2021-25370.
The following remediation steps are recommended / required by November 29, 2022: Apply updates per vendor instructions.
CVE-2021-25337 can be exploited with local system access, requires user interaction. This vulnerability is considered to have a low attack complexity. It has an exploitability score of 1.8 out of four. The potential impact of an exploit of this vulnerability is considered to have a high impact on confidentiality and integrity, and no impact on availability.
Products Associated with CVE-2021-25337
You can be notified by stack.watch whenever vulnerabilities like CVE-2021-25337 are published in these products:
What versions of Android are vulnerable to CVE-2021-25337?
- Google Android Version 9.0
- Google Android Version 10.0
- Google Android Version 11.0