CVE-2021-25374

HIGH

Samsung Members <3.9.00.9 - Auth Bypass


Exploitation Summary

EIP tracks 3 public exploits for CVE-2021-25374. PoCs published by ReversecLabs.

AI-analyzed exploit summary

This repository contains a functional exploit for CVE-2021-25374, which leverages a Samsung Account access vulnerability via a crafted intent URL. The script automates the process of extracting authentication tokens and session cookies to gain unauthorized access to a victim's Samsung Account.

Description

An improper authorization vulnerability in the Samsung Members "samsungrewards" deeplink scheme, in versions 2.4.83.9 on Android O (8.1) and below and 3.9.00.9 on Android P (9.0) and above, allows remote attackers to access user data related to the Samsung Account.

Exploits (3)

nomisec WORKING POC 27 stars
by ReversecLabs · poc
https://github.com/ReversecLabs/CVE-2021-25374_Samsung-Account-Access

This repository contains a functional exploit for CVE-2021-25374, which leverages a Samsung Account access vulnerability via a crafted intent URL. The script automates the process of extracting authentication tokens and session cookies to gain unauthorized access to a victim's Samsung Account.

Classification
Working Poc 95%
Attack Type
Auth Bypass
Complexity
Moderate
Reliability
Reliable
Target: Samsung Members app (specific version not specified)
No auth needed
Prerequisites: Victim must have a vulnerable version of Samsung Members installed · Victim must be in US or Korea region · Attacker must host a web server with a crafted intent URL
devstral-2 · analyzed Feb 18, 2026
inthewild WORKING POC
poc
https://github.com/withsecurelabs/cve-2021-25374_samsung-account-access

This repository contains a functional exploit for CVE-2021-25374, which leverages an intent URI scheme vulnerability in Samsung Members to bypass authentication and gain unauthorized access to a victim's Samsung Account. The script automates the process of extracting session tokens and cookies by exploiting improper validation in the app's deep link handling.

Classification
Working Poc 95%
Attack Type
Auth Bypass
Complexity
Moderate
Reliability
Reliable
Target: Samsung Members (specific version not specified, but affects US/Korea regions)
No auth needed
Prerequisites: Victim must have vulnerable Samsung Members app installed · Victim must click a malicious intent URI link · Attacker must host a web server to serve the malicious link
devstral-2 · analyzed Feb 23, 2026
inthewild WORKING POC
poc
https://github.com/fsecurelabs/cve-2021-25374_samsung-account-access

This repository contains a functional exploit for CVE-2021-25374, which leverages an intent-based attack to bypass authentication and gain unauthorized access to Samsung accounts. The script automates the process of extracting session tokens and cookies by exploiting a vulnerability in the Samsung Members app.

Classification
Working Poc 95%
Attack Type
Auth Bypass
Complexity
Moderate
Reliability
Reliable
Target: Samsung Members app (specific version not specified)
No auth needed
Prerequisites: Victim must have a vulnerable version of Samsung Members installed · Victim's device must be from US or Korea region · Attacker must host a malicious web page and run the script
devstral-2 · analyzed Feb 23, 2026

References (2)

Core References
Vendor Advisory x_refsource_confirm
https://security.samsungmobile.com/
Vendor Advisory x_refsource_confirm
https://security.samsungmobile.com/serviceWeb.smsb

Scores

CVSS v3 8.6
EPSS 0.0764
EPSS Percentile 92.1%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N

Details

CWE
CWE-285
Status published
Products (1)
samsung/members < 2.4.83.9
Published Apr 09, 2021
Tracked Since Feb 18, 2026