Invalid Input in RM before v5.59.11 Enables Privileged Cmd Exec
CVE-2025-21065 Published on October 10, 2025
Improper input validation in Retail Mode prior to version 5.59.11 allows self attackers to execute privileged commands on their own devices.
Vulnerability Analysis
CVE-2025-21065 can be exploited with physical access and requires a small amount of user privileges. This vulnerability is considered to have a low attack complexity. The potential impact of an exploit of this vulnerability is considered to be very high.
Attack Vector: PHYSICAL
Attack Complexity: LOW
Privileges Required: LOW
User Interaction: NONE
Scope: UNCHANGED
Confidentiality Impact: HIGH
Integrity Impact: HIGH
Availability Impact: HIGH
Affected Versions
Samsung Mobile Retail Mode Version 5.59.11 is unaffected by CVE-2025-21065
Exploit Probability
EPSS: 0.05%
Percentile: 16.20%
EPSS (Exploit Prediction Scoring System) scores estimate the probability that a vulnerability will be exploited in the wild within the next 30 days. The percentile shows you how this score compares to all other vulnerabilities.