CVE-2025-21063

Improper access control in Samsung Voice Recorder prior to version 21.5.73.12 in Android 15 and 21.5.81.40 in Android 16 allows physical attackers to access recording files on the lock screen.

CVSS v3 4.6 MEDIUM

4.6^/10

CVSS v3 : MEDIUM

Vector :

Exploitability : 0.9 / Impact : 3.6

Attack Vector PHYSICAL

Attack Complexity LOW

Privileges Required NONE

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact NONE

Availability Impact NONE

Scope UNCHANGED

References

Link	Resource
https://security.samsungmobile.com/serviceWeb.smsb?year=2025&month=10	Vendor Advisory

Configurations

Configuration 1 (hide)

AND

cpe:2.3:a:samsung:voice_recorder:*:*:*:*:*:*:*:*

cpe:2.3:o:samsung:android:15.0:-:*:*:*:*:*:*

Configuration 2 (hide)

AND

cpe:2.3:a:samsung:voice_recorder:*:*:*:*:*:*:*:*

cpe:2.3:o:samsung:android:16.0:-:*:*:*:*:*:*

History

No history.

Information

Published : 2025-10-10 07:15

Updated : 2026-01-08 18:01

NVD link : CVE-2025-21063

Mitre link : CVE-2025-21063

CVE.ORG link : CVE-2025-21063

JSON object : View

Products Affected

samsung

voice_recorder
android

CWE

NVD-CWE-noinfo

{"id": "CVE-2025-21063", "cveTags": [], "metrics": {"cvssMetricV31": [{"type": "Secondary", "source": "mobile.security@samsung.com", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 4.6, "attackVector": "PHYSICAL", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}, "impactScore": 3.6, "exploitabilityScore": 0.9}, {"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 4.6, "attackVector": "PHYSICAL", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}, "impactScore": 3.6, "exploitabilityScore": 0.9}]}, "published": "2025-10-10T07:15:42.493", "references": [{"url": "https://security.samsungmobile.com/serviceWeb.smsb?year=2025&month=10", "tags": ["Vendor Advisory"], "source": "mobile.security@samsung.com"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "NVD-CWE-noinfo"}]}], "descriptions": [{"lang": "en", "value": "Improper access control in Samsung Voice Recorder prior to version 21.5.73.12 in Android 15 and 21.5.81.40 in Android 16 allows physical attackers to access recording files on the lock screen."}], "lastModified": "2026-01-08T18:01:26.477", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:samsung:voice_recorder:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "975E4DDC-98D8-4AF5-B33E-863BBBF045A1", "versionEndExcluding": "21.5.73.12"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:samsung:android:15.0:-:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "95DE4E96-2F23-47E5-9DFC-44EC409F37E8"}], "operator": "OR"}], "operator": "AND"}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:samsung:voice_recorder:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "A44A4043-90E2-48F7-BAB9-DA8ABD661C62", "versionEndExcluding": "21.5.81.40"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:samsung:android:16.0:-:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "3FD6766A-EC2B-4CA2-9A8E-2BA5C9E9ECF9"}], "operator": "OR"}], "operator": "AND"}], "sourceIdentifier": "mobile.security@samsung.com"}