CVE-2025-21005
📋 TL;DR
An improper access control vulnerability in the isemtelephony component on Android devices allows local attackers to access sensitive information. This affects Samsung devices running Android versions prior to Android 15. Attackers must have local access to the device to exploit this vulnerability.
💻 Affected Systems
- Samsung Android devices with isemtelephony component
⚠️ Risk & Real-World Impact
Worst Case
Local attackers could access sensitive telephony-related information such as call logs, SMS data, or device identifiers without proper authorization.
Likely Case
Malicious apps or users with physical access could extract limited telephony metadata or configuration data from the device.
If Mitigated
With proper Android security controls and app sandboxing, impact would be limited to non-critical telephony data accessible only to privileged local users.
🎯 Exploit Status
Requires local access to device, likely through malicious app installation or physical access. No public exploit details available.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: Android 15 or later Samsung security updates
Vendor Advisory: https://security.samsungmobile.com/serviceWeb.smsb?year=2025&month=07
Restart Required: Yes
Instructions:
1. Check for system updates in Settings > Software update.
2. Install Android 15 update if available.
3. Alternatively, install latest Samsung security update for your device model.
4. Reboot device after update completes.
🔧 Temporary Workarounds
Restrict local app permissions
Limit app permissions and disable unnecessary telephony access for non-essential apps
Disable developer options and USB debugging
Prevents local attackers from using ADB or debugging interfaces to exploit the vulnerability
🧯 If You Can't Patch
- Implement strict mobile device management (MDM) policies to control app installation and permissions
- Use application allowlisting to prevent unauthorized apps from running on devices
🔍 How to Verify
Check if Vulnerable:
Check Android version in Settings > About phone > Software information. If version is below Android 15, device may be vulnerable.
Check Version:
adb shell getprop ro.build.version.release
Verify Fix Applied:
Verify Android version is 15 or higher, and check for July 2025 or later Samsung security update in Settings > About phone > Software information.
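The two checks above can be scripted for a device attached over adb. This is an added example, not part of the vendor advisory or the original page; it applies the page's own criteria (Android 15 or higher and a July 2025 or later security patch level). The function names are hypothetical, and reading the patch level from the `ro.build.version.security_patch` property is an assumption of this example.

```shell
#!/bin/sh
# Added example: apply this page's "Verify Fix Applied" criteria to one device.
# Function names are hypothetical; thresholds come from the page.

FIX_RELEASE=15        # Android 15 or higher
FIX_PATCH=20250701    # July 2025 security patch level as YYYYMMDD

# classify_device RELEASE PATCH -> prints patched | needs-update | unknown
classify_device() {
    release=$(printf '%s' "$1" | tr -d '\r')   # adb output may carry a CR
    patch=$(printf '%s' "$2" | tr -d '\r')
    major=${release%%.*}                        # "8.1.0" -> "8"

    case "$major" in
        ''|*[!0-9]*) echo unknown; return 0 ;;  # empty or non-numeric release
    esac
    case "$patch" in
        [0-9][0-9][0-9][0-9]-[0-9][0-9]-[0-9][0-9]) ;;
        *) echo unknown; return 0 ;;            # unexpected patch format
    esac

    patch_num=$(printf '%s' "$patch" | sed 's/-//g')
    if [ "$major" -ge "$FIX_RELEASE" ] && [ "$patch_num" -ge "$FIX_PATCH" ]; then
        echo patched
    else
        echo needs-update
    fi
}

# check_device [SERIAL] -> query an attached device over adb and classify it
check_device() {
    if [ -n "${1:-}" ]; then set -- -s "$1"; else set --; fi
    rel=$(adb "$@" shell getprop ro.build.version.release)
    pat=$(adb "$@" shell getprop ro.build.version.security_patch)
    classify_device "$rel" "$pat"
}

# Constructed sample values, so the logic can be tried without a device:
classify_device 14 2025-08-01    # release below 15
classify_device 15 2025-07-01    # meets both criteria
```

A result of `unknown` means the release or patch string could not be parsed (for example, no device attached) and should be treated as unverified rather than patched.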
📡 Detection & Monitoring
Log Indicators:
- Unusual access to telephony services by non-system apps
- Permission denial logs for isemtelephony component
SIEM Query:
source="android_logs" AND (component="isemtelephony" AND (action="access_denied" OR action="unauthorized_access"))