CVE-2021-25507

MEDIUM

Samsung Flow <4.8.03.5 - Info Disclosure

Title source: llm

Description

Improper authorization vulnerability in Samsung Flow mobile application prior to 4.8.03.5 allows Samsung Flow PC application connected with user device to access part of notification data in Secure Folder without authorization.

References (1)

Core 1

Core References

Vendor Advisory x_refsource_misc

https://security.samsungmobile.com/serviceWeb.smsb?year=2021&month=11

Scores

CVSS v3 5.7

EPSS 0.0008

EPSS Percentile 22.9%

Attack Vector ADJACENT_NETWORK

CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

Details

CWE

CWE-285

Status published

Products (1)

samsung/samsung_flow < 4.8.03.5

Published Nov 05, 2021

Tracked Since Feb 18, 2026