CVE-2021-25525
LOWSamsung Pay < 4.0.65 - Unauthenticated NFC Access via Exception Handling Issue
Title source: llmDescription
Improper check or handling of exception conditions vulnerability in Samsung Pay (US only) prior to version 4.0.65 allows attacker to use NFC without user recognition.
References (1)
Core 1
Core References
Vendor Advisory x_refsource_misc
https://security.samsungmobile.com/serviceWeb.smsb?year=2021&month=12
Scores
CVSS v3
2.0
EPSS
0.0033
EPSS Percentile
24.5%
Attack Vector
PHYSICAL
CVSS:3.1/AV:P/AC:L/PR:H/UI:R/S:C/C:N/I:N/A:L
Details
CWE
CWE-754
CWE-703
Status
published
Products (1)
samsung/pay
< 4.0.65
Published
Dec 08, 2021
Tracked Since
Feb 18, 2026