CVE-2025-21035

4.6 MEDIUM

📋 TL;DR

This vulnerability allows physical attackers to bypass user profile isolation in Samsung Calendar, potentially accessing calendar data from other user profiles on the same device. It affects Samsung Calendar on Android 14 and 15 devices with multiple user profiles configured.

💻 Affected Systems

Products:
  • Samsung Calendar
Versions: Prior to version 12.5.06.5 in Android 14 and prior to version 12.6.01.12 in Android 15
Operating Systems: Android 14, Android 15
Default Config Vulnerable: ⚠️ Yes, once a second user profile exists
Notes: The flaw is only reachable on devices with more than one user profile configured (a Guest profile counts). Single-user devices are not exposed, but become exposed as soon as a guest or secondary user is added.

📦 What is this software?

Samsung Calendar (package com.samsung.android.calendar) is the calendar app preinstalled on Samsung Galaxy devices running One UI. It is updated as a standalone app through the Galaxy Store rather than only with firmware, which is why the affected and fixed versions below are app versions, not Android builds.

⚠️ Risk & Real-World Impact

🔴

Worst Case

Physical attacker gains access to sensitive calendar data (meetings, appointments, contacts) from all user profiles on the device, potentially exposing confidential business or personal information.

🟠

Likely Case

Physical attacker accesses calendar data from other user profiles, compromising privacy and potentially exposing sensitive scheduling information.

🟢

If Mitigated

Attacker cannot access data across user profiles due to proper access controls and profile isolation.

🌐 Internet-Facing: LOW - This requires physical access to the device, not remote exploitation.
🏢 Internal Only: MEDIUM - Physical device access required, but could impact devices with multiple user profiles in shared environments.

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: UNKNOWN
Unauthenticated Exploit: ✅ No
Complexity: MEDIUM

Requires physical access to the device and knowledge of how to exploit the access control flaw across user profiles.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Samsung Calendar 12.5.06.5 for Android 14 and 12.6.01.12 for Android 15

Vendor Advisory: https://security.samsungmobile.com/serviceWeb.smsb?year=2025&month=09

Restart Required: No

Instructions:

1. Open the Galaxy Store on the affected device (Samsung Calendar is distributed as a standalone Samsung app; if your device also lists it in the Google Play Store, either store works).
2. Search for 'Samsung Calendar'.
3. If an update is offered, tap 'Update'.
4. Alternatively, install the latest firmware via Settings > Software update, then re-check the app version: a firmware update does not by itself guarantee the bundled app is at the fixed version.

🔧 Temporary Workarounds

Disable multiple user profiles

android

Remove additional user profiles, including the Guest profile, so that only one user exists on the device; with a single profile there is no second profile's data to reach.

Settings > Users and accounts > Users > Remove unwanted user profiles (the exact menu path varies by One UI version)

Restrict physical access

all

Implement physical security controls to prevent unauthorized device access.

🧯 If You Can't Patch

  • Disable Samsung Calendar in every profile (Settings > Apps > Samsung Calendar > Disable; disabling is per user) and use an alternative calendar app
  • Implement strict physical device security policies and monitoring, since the flaw is only reachable with the device in hand

🔍 How to Verify

Check if Vulnerable:

Check Samsung Calendar version in device settings > Apps > Samsung Calendar > App info

Check Version:

adb shell dumpsys package com.samsung.android.calendar | grep versionName

Verify Fix Applied:

Verify Samsung Calendar version is 12.5.06.5 or higher on Android 14, or 12.6.01.12 or higher on Android 15
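The checks above can be scripted against the two adb commands this section relies on. The script below is an added example, not part of the advisory or any Samsung tooling: it compares the reported versionName against the fixed versions stated in this advisory (12.5.06.5 for Android 14, 12.6.01.12 for Android 15), field by field rather than as strings so that a fourth field of 9 is correctly treated as lower than 12, and it counts the profiles from `adb shell pm list users` so you can tell whether the cross-profile vector is reachable at all. The function names and the embedded sample outputs are constructed for offline use and are not captured from a real device.

```shell
#!/bin/sh
# Added example (not from the advisory or Samsung): decide whether a device is in
# scope for CVE-2025-21035 from the outputs of the adb commands in this section.
# Fixed versions are those stated in the advisory. Function names and the sample
# outputs below are our own constructions.
set -eu

fixed_version_for() {
  # Android release -> first fixed Samsung Calendar version (empty if not listed)
  case "$1" in
    14) echo "12.5.06.5" ;;
    15) echo "12.6.01.12" ;;
    *)  echo "" ;;
  esac
}

# Strip leading zeros so a field like "06" is compared as 6 and is never handed
# to [ -lt ] with a leading zero.
num() {
  n=$(printf '%s' "$1" | sed 's/^0*//')
  echo "${n:-0}"
}

# version_lt A B: exit 0 when dotted version A is strictly lower than B.
# Numeric per-field compare, so 12.6.01.9 < 12.6.01.12 (a string compare would not).
version_lt() {
  a=$1; b=$2
  while [ -n "$a" ] || [ -n "$b" ]; do
    case $a in *.*) ax=${a%%.*}; a=${a#*.} ;; *) ax=$a; a='' ;; esac
    case $b in *.*) bx=${b%%.*}; b=${b#*.} ;; *) bx=$b; b='' ;; esac
    ax=$(num "$ax"); bx=$(num "$bx")
    [ "$ax" -lt "$bx" ] && return 0
    [ "$ax" -gt "$bx" ] && return 1
  done
  return 1
}

# Pull versionName out of `adb shell dumpsys package com.samsung.android.calendar`
# (adb shell output often carries CR characters, hence the tr).
version_from_dumpsys() {
  printf '%s\n' "$1" | tr -d '\r' | sed -n 's/^[[:space:]]*versionName=//p' | head -n 1
}

# Count profiles in `adb shell pm list users`: one "UserInfo{id:name:flags}" line each.
user_count_from_pm_list() {
  printf '%s\n' "$1" | grep -c 'UserInfo{' || true
}

# is_vulnerable RELEASE VERSION -> 0 below fixed version, 1 fixed,
# 2 not covered (release not in the advisory, or no versionName found).
is_vulnerable() {
  fixed=$(fixed_version_for "$1")
  [ -n "$fixed" ] || return 2
  [ -n "$2" ] || return 2
  if version_lt "$2" "$fixed"; then return 0; fi
  return 1
}

# Constructed sample outputs (not captured from a real device) for offline use.
SAMPLE_DUMPSYS='Packages:
  Package [com.samsung.android.calendar] (1a2b3c4):
    versionName=12.5.06.0
    splits=[base]'
SAMPLE_USERS='Users:
        UserInfo{0:Owner:c13} running
        UserInfo{10:Guest:404}'

# Live check against a connected device (needs adb); only runs with --device.
check_device() {
  rel=$(adb shell getprop ro.build.version.release | tr -d '\r')
  ver=$(version_from_dumpsys "$(adb shell dumpsys package com.samsung.android.calendar)")
  users=$(user_count_from_pm_list "$(adb shell pm list users)")
  rc=0; is_vulnerable "$rel" "$ver" || rc=$?
  case $rc in
    0) echo "Android $rel, Samsung Calendar $ver: BELOW fixed version, $users profile(s) configured" ;;
    1) echo "Android $rel, Samsung Calendar $ver: fixed" ;;
    *) echo "Android $rel / Samsung Calendar '$ver': not covered by the advisory" ;;
  esac
  [ "$users" -gt 1 ] || echo "Single profile: cross-profile vector not reachable until another user is added"
}

if [ "${1:-}" = "--device" ]; then check_device; fi
```

Run it as `sh check.sh --device` with a device attached and USB debugging enabled; without `--device` it only defines the functions, which is what makes the version logic testable offline. Note that `is_vulnerable` says only whether the app build is below the fixed one; the device is exposed only when the profile count is above one.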

📡 Detection & Monitoring

Log Indicators:

  • Unexpected user switches on the device; `adb shell pm list users` lists the configured profiles and marks which are currently running
  • Another profile's events appearing in a profile's calendar; this is a local access-control flaw with no dedicated audit log, so user reports are the most likely signal

Network Indicators:

  • No network indicators - local exploit only

SIEM Query:

No specific SIEM query. If your MDM inventories installed app versions, query for Android 14 devices with Samsung Calendar below 12.5.06.5 and Android 15 devices below 12.6.01.12, and prioritise those that report more than one user profile.

🔗 References