CVE-2021-25507 is a vulnerability in Samsung Flow
Published on November 5, 2021

Improper authorization vulnerability in Samsung Flow mobile application prior to 4.8.03.5 allows Samsung Flow PC application connected with user device to access part of notification data in Secure Folder without authorization.

NVD

Vulnerability Analysis

Attack Vector:

ADJACENT_NETWORK

Attack Complexity:

LOW

Privileges Required:

LOW

User Interaction:

NONE

Scope:

UNCHANGED

Confidentiality Impact:

HIGH

Integrity Impact:

NONE

Availability Impact:

NONE

Weakness Type

What is an AuthZ Vulnerability?

The software does not perform or incorrectly performs an authorization check when an actor attempts to access a resource or perform an action.

CVE-2021-25507 has been classified to as an AuthZ vulnerability or weakness.

Products Associated with CVE-2021-25507

You can be notified by email with stack.watch whenever vulnerabilities like CVE-2021-25507 are published in Samsung Flow:

Samsung Flow

Affected Versions

Samsung Mobile Samsung Flow:

Version - and below 4.8.03.5 is affected.

Exploit Probability

EPSS

0.08%

Percentile

23.04%

EPSS (Exploit Prediction Scoring System) scores estimate the probability that a vulnerability will be exploited in the wild within the next 30 days. The percentile shows you how this score compares to all other vulnerabilities.

CVE-2021-25507 is a vulnerability in Samsung FlowPublished on November 5, 2021

Vulnerability Analysis

Weakness Type

What is an AuthZ Vulnerability?

Products Associated with CVE-2021-25507

Affected Versions

Exploit Probability

CVE-2021-25507 is a vulnerability in Samsung Flow
Published on November 5, 2021