CVE-2021-25428

7.8 HIGH

📋 TL;DR

This vulnerability in Samsung's PackageManager lets an untrusted application obtain dangerous permissions without user confirmation under limited circumstances. It affects Samsung mobile devices running Android with software versions prior to the July 2021 security update (SMR July-2021 Release 1).

💻 Affected Systems

Products:
  • Samsung mobile devices
Versions: Android versions prior to SMR July-2021 Release 1
Operating Systems: Android
Default Config Vulnerable: ⚠️ Yes
Notes: Only affects Samsung devices with the vulnerable PackageManager implementation. Requires installation of a malicious app.

⚠️ Risk & Real-World Impact

🔴 Worst Case

Malicious apps could gain elevated permissions (like camera, microphone, location access) without user knowledge, enabling surveillance, data theft, or device takeover.

🟠 Likely Case

Malware could bypass permission prompts to access sensitive device features and user data.

🟢 If Mitigated

With proper app vetting and security controls, exploitation would be limited to specially crafted malicious apps.

🌐 Internet-Facing: LOW - Exploitation requires local app installation, not direct internet exposure.
🏢 Internal Only: MEDIUM - Requires user to install malicious app, but could be delivered via phishing or compromised app stores.

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: UNKNOWN
Unauthenticated Exploit: ✅ No
Complexity: MEDIUM

Exploitation requires developing or modifying an app to trigger the vulnerability. No public exploit code is known.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: SMR July-2021 Release 1 or later

Vendor Advisory: https://security.samsungmobile.com/securityUpdate.smsb?year=2021&month=7

Restart Required: Yes

Instructions:

1. Check for system updates in device Settings > Software update.
2. Install the July 2021 security update or later.
3. Restart the device after installation.

🔧 Temporary Workarounds

Restrict app installations (all)

Only install apps from trusted sources like Google Play Store with Play Protect enabled.

Review app permissions (all)

Regularly audit and revoke unnecessary app permissions in device settings.

🧯 If You Can't Patch

  • Implement mobile device management (MDM) to control app installations
  • Use application allowlisting to only permit trusted applications

🔍 How to Verify

Check if Vulnerable:

Check the Android security patch level in Settings > About phone > Software information. If the patch level is earlier than July 1, 2021, the device is vulnerable.

Check Version:

Not applicable - check via device settings UI

Verify Fix Applied:

Confirm that the Android security patch level shows 'July 1, 2021' or later in device settings.
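The same patch-level check, scripted for a fleet rather than one handset, as an added example that is not part of this advisory. It assumes the values are read with `adb shell getprop ro.build.version.security_patch` (the property behind the Settings value, format YYYY-MM-DD) and `adb shell getprop ro.product.manufacturer`; the inventory lines are constructed sample data.

```shell
#!/bin/sh
# Added example, not from the Samsung advisory: classify reported security patch
# levels against the SMR July-2021 Release 1 fix for CVE-2021-25428.
# Assumption: values come from `adb shell getprop ro.build.version.security_patch`
# (YYYY-MM-DD) and `adb shell getprop ro.product.manufacturer`.

FIX_PATCH_LEVEL="2021-07-01"

# patch_level_to_int "2021-06-01" -> prints 20210601; returns 1 and prints nothing if malformed
patch_level_to_int() {
  case "$1" in
    [0-9][0-9][0-9][0-9]-[0-9][0-9]-[0-9][0-9]) printf '%s' "$1" | tr -d '-' ;;
    *) return 1 ;;
  esac
}

# classify MANUFACTURER PATCH_LEVEL -> prints one verdict:
#   not-in-scope (not a Samsung device), unknown (missing/malformed level, treat as unverified),
#   vulnerable (earlier than 2021-07-01), patched (2021-07-01 or later)
classify() {
  mfr=$(printf '%s' "$1" | tr 'A-Z' 'a-z')
  [ "$mfr" = "samsung" ] || { echo not-in-scope; return 0; }
  level=$(patch_level_to_int "$2") || { echo unknown; return 0; }
  fix=$(patch_level_to_int "$FIX_PATCH_LEVEL")
  if [ "$level" -lt "$fix" ]; then echo vulnerable; else echo patched; fi
}

# check_adb_device [SERIAL]: read both properties from a connected device and classify it.
check_adb_device() {
  if [ -n "$1" ]; then set -- -s "$1"; fi
  mfr=$(adb "$@" shell getprop ro.product.manufacturer | tr -d '\r')
  level=$(adb "$@" shell getprop ro.build.version.security_patch | tr -d '\r')
  printf '%s %s %s\n' "${mfr:-?}" "${level:-?}" "$(classify "$mfr" "$level")"
}

# Constructed sample inventory ("manufacturer patch-level" per line) standing in for an MDM export.
SAMPLE_INVENTORY="samsung 2021-06-01
samsung 2021-07-01
Samsung 2022-01-01
google 2021-05-01
samsung n/a"

# classify_inventory: reads inventory lines on stdin, prints "manufacturer level verdict" per line
classify_inventory() {
  while read -r mfr level; do
    [ -n "$mfr" ] || continue
    printf '%s %s %s\n' "$mfr" "$level" "$(classify "$mfr" "$level")"
  done
}

# Usage: `sh check.sh adb [SERIAL]` queries a device; with no arguments nothing runs (functions only).
if [ "$1" = "adb" ]; then check_adb_device "$2"; fi
```

To triage the sample data, pipe it in: `printf '%s\n' "$SAMPLE_INVENTORY" | classify_inventory`.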

📡 Detection & Monitoring

Log Indicators:

  • Unusual permission grants to recently installed apps
  • PackageManager permission bypass attempts

Network Indicators:

  • Suspicious app downloads from untrusted sources

SIEM Query:

Not applicable - primarily device-level detection
