CVE-2021-25381
First published: Fri Apr 09 2021(Updated: )
Using unsafe PendingIntent in Samsung Account in versions 10.8.0.4 in Android P(9.0) and below, and 12.1.1.3 in Android Q(10.0) and above allows local attackers to perform unauthorized action without permission via hijacking the PendingIntent.
Credit: mobile.security@samsung.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Samsung Account SDK | =10.8.0.4 | |
| Android | =1.0 | |
| Android | =1.1 | |
| Android | =1.5 | |
| Android | =1.6 | |
| Android | =2.0 | |
| Android | =2.0.1 | |
| Android | =2.1 | |
| Android | =2.2 | |
| Android | =2.2-rev1 | |
| Android | =2.2.1 | |
| Android | =2.2.2 | |
| Android | =2.2.3 | |
| Android | =2.3 | |
| Android | =2.3-rev1 | |
| Android | =2.3.1 | |
| Android | =2.3.2 | |
| Android | =2.3.3 | |
| Android | =2.3.4 | |
| Android | =2.3.5 | |
| Android | =2.3.6 | |
| Android | =2.3.7 | |
| Android | =3.0 | |
| Android | =3.1 | |
| Android | =3.2 | |
| Android | =3.2.1 | |
| Android | =3.2.2 | |
| Android | =3.2.4 | |
| Android | =3.2.6 | |
| Android | =4.0 | |
| Android | =4.0.1 | |
| Android | =4.0.2 | |
| Android | =4.0.3 | |
| Android | =4.0.4 | |
| Android | =4.1 | |
| Android | =4.1.1 | |
| Android | =4.1.2 | |
| Android | =4.2 | |
| Android | =4.2.1 | |
| Android | =4.2.2 | |
| Android | =4.3 | |
| Android | =4.3.1 | |
| Android | =4.4 | |
| Android | =4.4.1 | |
| Android | =4.4.2 | |
| Android | =4.4.3 | |
| Android | =4.4.4 | |
| Android | =5.0 | |
| Android | =5.0.1 | |
| Android | =5.0.2 | |
| Android | =5.1 | |
| Android | =5.1.0 | |
| Android | =5.1.1 | |
| Android | =6.0 | |
| Android | =6.0.1 | |
| Android | =7.0 | |
| Android | =7.1.0 | |
| Android | =7.1.1 | |
| Android | =7.1.2 | |
| Android | =8.0 | |
| Android | =8.1 | |
| Android | =9.0 | |
| Samsung Account SDK | =12.1.1.3 | |
| Android | =10.0 | |
| Android | =11.0 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the severity of CVE-2021-25381?
CVE-2021-25381 is classified as a high severity vulnerability due to its potential for unauthorized actions by local attackers.
How do I fix CVE-2021-25381?
To fix CVE-2021-25381, update the Samsung Account application to the latest version that addresses this vulnerability.
Which versions are affected by CVE-2021-25381?
CVE-2021-25381 affects Samsung Account versions 10.8.0.4 and 12.1.1.3 in specified Android versions.
What type of attack does CVE-2021-25381 enable?
CVE-2021-25381 enables local attackers to hijack PendingIntents, allowing unauthorized actions without user consent.
Is my Android device vulnerable to CVE-2021-25381?
If you are using Samsung Account versions 10.8.0.4 or 12.1.1.3 on Android P(9.0) and below, or Q(10.0) and above, your device is vulnerable.
- agent/weakness
- agent/references
- agent/type
- collector/mitre-cve
- source/MITRE
- agent/author
- agent/last-modified-date
- agent/severity
- agent/description
- agent/first-publish-date
- agent/event
- agent/source
- agent/softwarecombine
- agent/tags
- collector/nvd-index
- agent/software-canonical-lookup-request
- vendor/samsung
- canonical/samsung account sdk
- version/samsung account sdk/10.8.0.4
- vendor/google
- canonical/android
- version/android/1.0
- version/android/1.1
- version/android/1.5
- version/android/1.6
- version/android/2.0
- version/android/2.0.1
- version/android/2.1
- version/android/2.2
- version/android/2.2-rev1
- version/android/2.2.1
- version/android/2.2.2
- version/android/2.2.3
- version/android/2.3
- version/android/2.3-rev1
- version/android/2.3.1
- version/android/2.3.2
- version/android/2.3.3
- version/android/2.3.4
- version/android/2.3.5
- version/android/2.3.6
- version/android/2.3.7
- version/android/3.0
- version/android/3.1
- version/android/3.2
- version/android/3.2.1
- version/android/3.2.2
- version/android/3.2.4
- version/android/3.2.6
- version/android/4.0
- version/android/4.0.1
- version/android/4.0.2
- version/android/4.0.3
- version/android/4.0.4
- version/android/4.1
- version/android/4.1.1
- version/android/4.1.2
- version/android/4.2
- version/android/4.2.1
- version/android/4.2.2
- version/android/4.3
- version/android/4.3.1
- version/android/4.4
- version/android/4.4.1
- version/android/4.4.2
- version/android/4.4.3
- version/android/4.4.4
- version/android/5.0
- version/android/5.0.1
- version/android/5.0.2
- version/android/5.1
- version/android/5.1.0
- version/android/5.1.1
- version/android/6.0
- version/android/6.0.1
- version/android/7.0
- version/android/7.1.0
- version/android/7.1.1
- version/android/7.1.2
- version/android/8.0
- version/android/8.1
- version/android/9.0
- version/samsung account sdk/12.1.1.3
- version/android/10.0
- version/android/11.0