CVE-2021-25357

MEDIUM

Create Movie <SMR APR-2021 Release 1 - Info Disclosure

Title source: llm
STIX 2.1

Description

A pendingIntent hijacking vulnerability in Create Movie prior to SMR APR-2021 Release 1 in Android O(8.x) and P(9.0), 3.4.81.1 in Android Q(10,0), and 3.6.80.7 in Android R(11.0) allows unprivileged applications to access contact information.

References (2)

Core 2
Core References
Vendor Advisory x_refsource_confirm
https://security.samsungmobile.com/
Vendor Advisory x_refsource_confirm
https://security.samsungmobile.com/securityUpdate.smsb

Scores

CVSS v3 5.6
EPSS 0.0011
EPSS Percentile 1.4%
Attack Vector LOCAL
CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:C/C:L/I:L/A:L

Details

CWE
CWE-200 CWE-668
Status published
Products (2)
google/android 8.1
google/android 9.0
Published Apr 09, 2021
Tracked Since Feb 18, 2026