google android CVE-2021-25337 is a vulnerability in Google Android
Published on March 4, 2021

Improper access control in clipboard service in Samsung mobile devices prior to SMR Mar-2021 Release 1 allows untrusted applications to read or write certain local files.

Vendor Advisory Vendor Advisory NVD

Known Exploited Vulnerability

This Samsung Mobile Devices Improper Access Control Vulnerability is part of CISA's list of Known Exploited Vulnerabilities. Samsung mobile devices contain an improper access control vulnerability in clipboard service which allows untrusted applications to read or write arbitrary files. This vulnerability was chained with CVE-2021-25369 and CVE-2021-25370.

The following remediation steps are recommended / required by November 29, 2022: Apply updates per vendor instructions.

Vulnerability Analysis

CVE-2021-25337 can be exploited with local system access, requires user interaction. This vulnerability is considered to have a low attack complexity. It has an exploitability score of 1.8 out of four. The potential impact of an exploit of this vulnerability is considered to have a high impact on confidentiality and integrity, and no impact on availability.

Products Associated with CVE-2021-25337

You can be notified by whenever vulnerabilities like CVE-2021-25337 are published in these products:


What versions of Android are vulnerable to CVE-2021-25337?