CVE-2025-21058 | THREATINT

Description

Improper access control in Routines prior to version 4.8.7.1 in Android 15 and 4.9.6.0 in Android 16 allows local attackers to potentially execute arbitrary code with SystemUI privilege.

PUBLISHED Reserved 2024-11-06 | Published 2025-10-10 | Updated 2025-10-10 | Assigner SamsungMobile

HIGH: 7.3CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:H

Problem types

CWE-284: Improper Access Control

Product status

Default status

affected

4.8.7.1 in Android 15 and 4.9.6.0 in Android 16

unaffected

References

security.samsungmobile.com/...iceWeb.smsb?year=2025&month=10

cve.org (CVE-2025-21058)

nvd.nist.gov (CVE-2025-21058)

Download JSON