Vulnerability Description
Using predictable index for attachments in Samsung Email prior to version 6.1.41.0 allows remote attackers to get attachments of another emails when users open the malicious attachment.
CVSS Score
6.5
MEDIUM
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Samsung | < 6.1.14.0 |
Related Weaknesses (CWE)
References
- https://security.samsungmobile.com/Vendor Advisory
- https://security.samsungmobile.com/serviceWeb.smsbVendor Advisory
- https://security.samsungmobile.com/Vendor Advisory
- https://security.samsungmobile.com/serviceWeb.smsbVendor Advisory
FAQ
What is CVE-2021-25375?
CVE-2021-25375 is a vulnerability with a CVSS score of 6.5 (MEDIUM). Using predictable index for attachments in Samsung Email prior to version 6.1.41.0 allows remote attackers to get attachments of another emails when users open the malicious attachment.
How severe is CVE-2021-25375?
CVE-2021-25375 has been rated MEDIUM with a CVSS base score of 6.5/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2021-25375?
Check the references section above for vendor advisories and patch information. Affected products include: Samsung Email.