CVE-2021-25381
MEDIUM
Samsung Account 10.8.0.4 and 12.1.1.3 - Unauthorized Action via PendingIntent Hijacking
Title source: llm
Description
Using unsafe PendingIntent in Samsung Account in versions 10.8.0.4 in Android P (9.0) and below, and 12.1.1.3 in Android Q (10.0) and above, allows local attackers to perform unauthorized actions without permission by hijacking the PendingIntent.
References (2)
Core References
Vendor Advisory x_refsource_confirm
https://security.samsungmobile.com/
Vendor Advisory x_refsource_confirm
https://security.samsungmobile.com/serviceWeb.smsb
Scores
CVSS v3: 5.5
EPSS: 0.0004
EPSS Percentile: 11.0%
Attack Vector: LOCAL
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
Details
CWE: CWE-285, CWE-276
Status: published
Products (2):
samsung/account 10.8.0.4
samsung/account 12.1.1.3
Published: Apr 09, 2021
Tracked Since: Feb 18, 2026