CVE-2021-25403

low

Description

Intent redirection vulnerability in Samsung Account prior to version 10.8.0.4 in Android P(9.0) and below, and 12.2.0.9 in Android Q(10.0) and above allows attacker to access contacts and file provider using SettingWebView component.

References

https://security.samsungmobile.com/serviceWeb.smsb?year=2021&month=5

Details

Source: Mitre, NVD

Published: 2021-06-11

Updated: 2026-06-17

Risk Information

CVSS v2

Base Score: 2.1

Vector: CVSS2#AV:L/AC:L/Au:N/C:P/I:N/A:N

Severity: Low

CVSS v3

Base Score: 3.3

Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N

Severity: Low

EPSS

EPSS: 0.00065