CVE-2021-25525

LOW

Samsung Pay < 4.0.65 - Improper Condition Check

Title source: rule

Description

Improper check or handling of exception conditions vulnerability in Samsung Pay (US only) prior to version 4.0.65 allows attacker to use NFC without user recognition.

References (1)

[Vendor Advisory] https://security.samsungmobile.com/serviceWeb.smsb?year=2021&month=12

Scores

CVSS v3 2.0

EPSS 0.0009

EPSS Percentile 26.1%

Attack Vector PHYSICAL

CVSS:3.1/AV:P/AC:L/PR:H/UI:R/S:C/C:N/I:N/A:L

Details

CWE

CWE-754 CWE-703

Status published

Products (1)

samsung/pay < 4.0.65

Published Dec 08, 2021

Tracked Since Feb 18, 2026