CVE-2021-25438
📋 TL;DR
This vulnerability allows an untrusted application installed on the same device to perform local file inclusion attacks through the WebView component of the Samsung Members app. Attackers could access sensitive files on affected Android devices. Users with the Samsung Members app on Android 8.1 and below (versions before 2.4.85.11) or Android 9.0 and above (versions before 3.9.10.11) are affected.
💻 Affected Systems
- Samsung Members
📦 What is this software?
Members by Samsung
⚠️ Risk & Real-World Impact
Worst Case
Complete compromise of device through local file inclusion leading to sensitive data theft, credential harvesting, or further exploitation via file uploads.
Likely Case
Unauthorized access to local files containing sensitive information such as authentication tokens, configuration files, or personal data.
If Mitigated
Limited impact with proper app sandboxing and file permission restrictions preventing access to critical system files.
🎯 Exploit Status
Requires the user to install a malicious application. Exploitation involves local file inclusion through the app's WebView component.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: 2.4.85.11 for Android 8.1 and below, 3.9.10.11 for Android 9.0 and above
Vendor Advisory: https://security.samsungmobile.com/serviceWeb.smsb?year=2021&month=7
Restart Required: No
Instructions:
1. Open Google Play Store on the affected device.
2. Search for 'Samsung Members'.
3. Update to the latest version (2.4.85.11+ for Android 8.1/below, 3.9.10.11+ for Android 9.0/above).
4. Alternatively, update through the Samsung Galaxy Store if available.
🔧 Temporary Workarounds
Disable Samsung Members app
Platform: Android. Temporarily disable the vulnerable application until patched:
adb shell pm disable-user --user 0 com.samsung.android.voc
Restrict app installations
Platform: Android. Prevent installation of untrusted applications that could exploit this vulnerability:
Settings > Security > Unknown sources (disable)
Settings > Apps > Special access > Install unknown apps (disable for all apps)
🧯 If You Can't Patch
- Uninstall Samsung Members app if not required
- Implement mobile device management (MDM) policies to restrict app installations and monitor for suspicious activity
🔍 How to Verify
Check if Vulnerable:
Check Samsung Members app version: Settings > Apps > Samsung Members > App info > Version
Check Version:
adb shell dumpsys package com.samsung.android.voc | grep versionName
Verify Fix Applied:
Verify Samsung Members app version is 2.4.85.11 or higher (Android 8.1/below) or 3.9.10.11 or higher (Android 9.0/above)
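The version check above can be scripted so that the Android release on the device selects the correct patched version threshold. The script below is an added example, not part of the advisory or of Samsung's tooling. It assumes adb is available, uses the package name com.samsung.android.voc from the workaround above, reads the Android release from the standard ro.build.version.release property, and parses the versionName line that `dumpsys package` prints; the embedded dumpsys output is constructed sample data, not captured from a real device.

```shell
#!/bin/sh
# Added example (not from the advisory): parse `dumpsys package` output for
# com.samsung.android.voc and decide whether the installed build is at or above
# the patched version for the device's Android release.

# Patched versions as stated in the advisory.
FIX_ANDROID_81_AND_BELOW="2.4.85.11"
FIX_ANDROID_9_AND_ABOVE="3.9.10.11"

# version_ge A B -> exit 0 if dotted version A >= B, comparing segment by segment
# numerically (so "2.4.85.11" is newer than "2.4.85.9", which string order gets wrong).
version_ge() {
    awk -v a="$1" -v b="$2" 'BEGIN {
        na = split(a, x, "."); nb = split(b, y, ".");
        n = (na > nb) ? na : nb;
        for (i = 1; i <= n; i++) {
            xi = (i <= na) ? x[i] + 0 : 0;
            yi = (i <= nb) ? y[i] + 0 : 0;
            if (xi > yi) exit 0;
            if (xi < yi) exit 1;
        }
        exit 0;
    }'
}

# required_fix ANDROID_RELEASE -> prints the minimum fixed version for that release
# (release strings look like "8.1.0", "9" or "10"; Android 9.0 and above use the 3.x line).
required_fix() {
    if version_ge "$1" "9"; then
        echo "$FIX_ANDROID_9_AND_ABOVE"
    else
        echo "$FIX_ANDROID_81_AND_BELOW"
    fi
}

# installed_version DUMPSYS_TEXT -> prints the first versionName= value found
installed_version() {
    printf '%s\n' "$1" | sed -n 's/^[[:space:]]*versionName=\(.*\)$/\1/p' | head -n 1
}

# assess DUMPSYS_TEXT ANDROID_RELEASE -> prints "fixed", "vulnerable" or "unknown"
assess() {
    ver=$(installed_version "$1")
    if [ -z "$ver" ]; then
        echo "unknown"   # package not installed or output not recognised
        return 2
    fi
    need=$(required_fix "$2")
    if version_ge "$ver" "$need"; then
        echo "fixed"
    else
        echo "vulnerable"
    fi
}

# Constructed sample dumpsys output (not captured from a real device).
SAMPLE_OLD='Package [com.samsung.android.voc] (1a2b3c):
    userId=10123
    versionCode=340700000 minSdk=28 targetSdk=30
    versionName=3.4.07.0
    splits=[base]'

SAMPLE_FIXED='Package [com.samsung.android.voc] (4d5e6f):
    userId=10123
    versionCode=391011000 minSdk=28 targetSdk=30
    versionName=3.9.10.11
    splits=[base]'

# Live use against a connected device:
#   assess "$(adb shell dumpsys package com.samsung.android.voc)" \
#          "$(adb shell getprop ro.build.version.release | tr -d '\r')"
```

The `tr -d '\r'` in the live invocation matters because adb returns CRLF line endings from many devices, which would otherwise make the release string fail the numeric comparison. The check deliberately reports "unknown" rather than "fixed" when no versionName is found, so a missing package is not silently counted as patched.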
📡 Detection & Monitoring
Log Indicators:
- WebView file:// URL access attempts
- Samsung Members app crashes or unusual file access patterns
Network Indicators:
- Local file inclusion attempts through app network traffic
SIEM Query:
app:"Samsung Members" AND (event:"file_access" OR event:"webview_exception")