CVE-2025-21079
Published: 05 November 2025
Description
Adversaries may exploit software vulnerabilities that can cause an application or system to crash and deny availability to users.
Security Summary
CVE-2025-21079 is an improper input validation vulnerability affecting the Samsung Members application prior to version 5.5.01.3. This flaw enables remote attackers to connect to an arbitrary URL and launch arbitrary activities with Samsung Members privileges. The vulnerability carries a CVSS v3.1 base score of 7.1 (AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:H) and is associated with CWE information not available from NVD. It was published on 2025-11-05.
Remote unauthenticated attackers can exploit this vulnerability over the network with low complexity, though it requires user interaction to trigger. Successful exploitation allows attackers to launch arbitrary activities under the Samsung Members application's privileges, potentially leading to low integrity impacts such as unauthorized modifications and high availability disruptions like denial of service, without affecting confidentiality or changing scope.
Samsung has issued a security advisory detailing the issue, available at https://security.samsungmobile.com/serviceWeb.smsb?year=2025&month=11, which security practitioners should consult for patch information and mitigation guidance.
Details
- CWE(s)
Affected Products
MITRE ATT&CK Enterprise Techniques
Why these techniques?
Vulnerability enables remote exploitation of client application via improper input validation to launch arbitrary activities (T1203: Exploitation for Client Execution) and facilitates high availability impact through DoS (T1499.004: Application or System Exploitation).