CVE-2021-25527

LOW

Samsung Pay <4.1.77 - Info Disclosure

Title source: llm

Description

Improper export of Android application components vulnerability in Samsung Pay (India only) prior to version 4.1.77 allows attacker to access Bill Pay and Recharge menu without authentication.

References (1)

[Vendor Advisory] https://security.samsungmobile.com/serviceWeb.smsb?year=2021&month=12

Scores

CVSS v3 3.8

EPSS 0.0006

EPSS Percentile 17.3%

Attack Vector LOCAL

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:L/I:N/A:N

Details

CWE

CWE-926

Status published

Products (1)

samsung/pay < 4.1.77

Published Dec 08, 2021

Tracked Since Feb 18, 2026