Login Sign Up

CVE-2021-25485

7.5 HIGH
Path Traversal

📋 TL;DR

This path traversal vulnerability in Samsung's FactoryAirCommandManager allows attackers to write files with system-level privileges via Bluetooth remote socket. It affects Samsung mobile devices before the October 2021 security update. Attackers could potentially modify system files or install malicious components.

💻 Affected Systems

Products:
  • Samsung mobile devices with FactoryAirCommandManager
Versions: All versions prior to SMR Oct-2021 Release 1
Operating Systems: Android (Samsung-specific implementation)
Default Config Vulnerable: ⚠️ Yes
Notes: Requires Bluetooth to be enabled and accessible. FactoryAirCommandManager is a Samsung-specific system component.

📦 What is this software?

Android by Google

View all CVEs affecting Android →

Android by Google

View all CVEs affecting Android →

⚠️ Risk & Real-World Impact

🔴

Worst Case

Complete system compromise allowing persistent malware installation, data theft, or device bricking via system file modification.

🟠

Likely Case

Local privilege escalation leading to unauthorized system access, data exfiltration, or installation of surveillance tools.

🟢

If Mitigated

Limited impact with proper Bluetooth security controls and network segmentation in place.

🌐 Internet-Facing: LOW - Requires Bluetooth proximity and specific conditions, not directly internet exploitable.
🏢 Internal Only: MEDIUM - Requires physical proximity or internal network access via Bluetooth, but could lead to significant internal compromise.

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: UNKNOWN
Unauthenticated Exploit: ⚠️ Yes
Complexity: MEDIUM

Requires Bluetooth access and knowledge of the vulnerable component. No public exploit code has been released.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: SMR Oct-2021 Release 1 or later

Vendor Advisory: https://security.samsungmobile.com/securityUpdate.smsb?year=2021&month=10

Restart Required: Yes

Instructions:

1. Check for system updates in device settings. 2. Install October 2021 security update or later. 3. Reboot device after installation.

🔧 Temporary Workarounds

Disable Bluetooth when not in use

all

Turn off Bluetooth to prevent remote exploitation via Bluetooth socket

Restrict Bluetooth visibility

all

Set Bluetooth to non-discoverable mode to reduce attack surface

🧯 If You Can't Patch

  • Disable Bluetooth completely in device settings
  • Implement network segmentation to isolate vulnerable devices from critical systems

🔍 How to Verify

Check if Vulnerable:

Check Android security patch level in Settings > About phone > Software information. If patch level is earlier than October 2021, device is vulnerable.

Check Version:

Not applicable - check via device settings UI

Verify Fix Applied:

Confirm security patch level shows October 2021 or later in device settings.

📡 Detection & Monitoring

Log Indicators:

  • Unusual Bluetooth connection attempts to FactoryAirCommandManager
  • Unexpected file write operations in system directories

Network Indicators:

  • Suspicious Bluetooth pairing requests from unknown devices
  • Unusual Bluetooth traffic patterns

SIEM Query:

Not applicable for typical mobile device deployments

📊 Metadata

CVE ID: CVE-2021-25485
CVSS v3 Score: 7.5 (HIGH)
CVSS Vector: CVSS:3.1/AV:A/AC:H/PR:L/UI:R/S:C/C:H/I:H/A:L
CWE: CWE-20
Published: October 6, 2021
Last Updated: November 21, 2024

🔗 References

📤 Share & Export

📄 Export Markdown 📋 Export JSON

🔗 Related Vulnerabilities

If you're affected by CVE-2021-25485, you might also want to check these:

CVE-2022-47190 10.0

CVE-2022-47190 allows remote attackers to upload malicious firmware containing a webshell to Generex...

Same vulnerability type (CWE-20)
CVE-2020-12388 10.0

This vulnerability allows attackers to escape Firefox's content process sandbox on Windows systems, ...

Same vulnerability type (CWE-20)
CVE-2024-3400 10.0

CVE-2024-3400 is a critical command injection vulnerability in Palo Alto Networks PAN-OS GlobalProte...

Same vulnerability type (CWE-20)