CVE-2021-25403: Infoleak
First published: Fri Jun 11 2021(Updated: )
Intent redirection vulnerability in Samsung Account prior to version 10.8.0.4 in Android P(9.0) and below, and 12.2.0.9 in Android Q(10.0) and above allows attacker to access contacts and file provider using SettingWebView component.
Credit: mobile.security@samsung.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Samsung Account | <10.8.0.4 | |
| Google Android | <=9.0 | |
| Samsung Account | =12.2.0.9 | |
| Google Android | >=10.0 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Frequently Asked Questions
What is CVE-2021-25403?
CVE-2021-25403 is an intent redirection vulnerability in Samsung Account prior to version 10.8.0.4 in Android P(9.0) and below, and 12.2.0.9 in Android Q(10.0) and above.
How severe is CVE-2021-25403?
CVE-2021-25403 has a severity rating of 3.3, which is considered low.
What is the affected software?
The affected software includes Samsung Account prior to version 10.8.0.4 in Android P(9.0) and below, and 12.2.0.9 in Android Q(10.0) and above.
How can an attacker exploit CVE-2021-25403?
An attacker can exploit CVE-2021-25403 to access contacts and file provider using the SettingWebView component.
Is Google Android vulnerable to CVE-2021-25403?
No, Google Android is not vulnerable to CVE-2021-25403.
- agent/author
- agent/severity
- agent/references
- agent/weakness
- agent/tags
- agent/type
- agent/event
- agent/last-modified-date
- agent/softwarecombine
- agent/first-publish-date
- collector/nvd-index
- agent/software-canonical-lookup-request
- agent/description
- collector/mitre-cve
- source/MITRE
- vendor/samsung
- canonical/samsung account
- vendor/google
- canonical/google android
- version/google android/9.0
- version/samsung account/12.2.0.9
- version/google android/10.0