CVE-2025-21037

4.1 MEDIUM

📋 TL;DR

This vulnerability in Samsung Notes allows an attacker with physical access to the device to access data across multiple user profiles on that device. It requires user interaction to trigger, and affects Samsung device users with multiple profiles who haven't updated to the patched version.

💻 Affected Systems

Products:
  • Samsung Notes
Versions: All versions prior to 4.4.30.63
Operating Systems: Android (Samsung devices)
Default Config Vulnerable: ⚠️ Yes
Notes: Only affects devices with multiple user profiles configured. Requires physical access to the device and user interaction.

⚠️ Risk & Real-World Impact

🔴 Worst Case

Physical attacker gains unauthorized access to sensitive notes and data from other user profiles on the same device, potentially exposing personal information, credentials, or confidential data.

🟠 Likely Case

Someone with physical device access (family member, colleague, or thief) accesses notes from other user profiles they shouldn't have permission to view.

🟢 If Mitigated

With proper physical security controls and updated software, the risk is minimal, as the attacker needs physical access and user interaction.

🌐 Internet-Facing: LOW - This is a local physical access vulnerability, not remotely exploitable over networks.
🏢 Internal Only: MEDIUM - Within organizations, shared devices with multiple user profiles could be affected if physical security is lax.

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: UNKNOWN
Unauthenticated Exploit: ✅ No
Complexity: MEDIUM

Requires physical access to device and specific user interaction to trigger the vulnerability. Not remotely exploitable.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: 4.4.30.63 and later

Vendor Advisory: https://security.samsungmobile.com/serviceWeb.smsb?year=2025&month=09

Restart Required: No

Instructions:

1. Open Galaxy Store or Google Play Store on your Samsung device.
2. Search for 'Samsung Notes'.
3. If an update is available, tap 'Update'.
4. Alternatively, go to Settings > Apps > Samsung Notes > App details in store > Update.

🔧 Temporary Workarounds

Disable multiple user profiles (Android)

Remove or disable additional user profiles on the device to eliminate the cross-profile access vector.

Settings > Users and accounts > Users > Remove unwanted profiles

Use device encryption with strong authentication (Android)

Enable full device encryption and require strong authentication (PIN/password/biometric) to access the device.

Settings > Security > Encrypt device
Settings > Lock screen > Screen lock type

🧯 If You Can't Patch

  • Implement strict physical security controls for devices (locked cabinets, never leave unattended)
  • Use separate physical devices for different users instead of multiple profiles on shared devices

🔍 How to Verify

Check if Vulnerable:

Check Samsung Notes version: Open Samsung Notes > Settings > About Samsung Notes. If version is below 4.4.30.63, you are vulnerable.

Check Version:

No command line option. Check via app: Samsung Notes > Settings > About Samsung Notes

Verify Fix Applied:

After updating, verify Samsung Notes version is 4.4.30.63 or higher in Settings > About Samsung Notes.
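For a fleet check where opening the app on every device is impractical, the installed version can be read from `adb shell dumpsys package` output and compared numerically against the fixed version. This is an added example, not part of the advisory; the package name com.samsung.android.app.notes and the simplified dumpsys layout in the constructed sample are assumptions.

```python
import re

# Version in which the advisory above reports the issue fixed.
FIXED_VERSION = "4.4.30.63"

# Constructed, simplified sample of `adb shell dumpsys package <pkg>` output.
# The package name is an assumption, not taken from the advisory.
SAMPLE_DUMPSYS = """\
Packages:
  Package [com.samsung.android.app.notes] (3f2a1b0):
    userId=10123
    versionCode=440306300 minSdk=28 targetSdk=34
    versionName=4.4.30.59
    User 0: ceDataInode=0 installed=true hidden=false
    User 10: ceDataInode=0 installed=true hidden=false
    User 11: ceDataInode=0 installed=true hidden=false
"""

def parse_version(text):
    """Split a dotted version into a tuple of ints so comparison is numeric.
    A plain string compare would wrongly rank '4.4.30.7' above '4.4.30.63'."""
    return tuple(int(part) for part in text.strip().split("."))

def extract_version_name(dumpsys_output):
    """Pull the versionName line out of dumpsys package output."""
    m = re.search(r"^\s*versionName=(\S+)", dumpsys_output, re.MULTILINE)
    if not m:
        raise ValueError("versionName not found; is the package installed?")
    return m.group(1)

def count_secondary_profiles(dumpsys_output):
    """Count Android users other than the primary (id 0) that have the app installed.
    The advisory says only devices with multiple profiles are affected."""
    ids = re.findall(r"^\s*User (\d+):.*\binstalled=true", dumpsys_output, re.MULTILINE)
    return sum(1 for uid in ids if uid != "0")

def assess(dumpsys_output):
    """Return version, whether it predates the fix, and whether the device
    also has the multi-profile precondition the advisory describes."""
    version = extract_version_name(dumpsys_output)
    vulnerable = parse_version(version) < parse_version(FIXED_VERSION)
    secondary = count_secondary_profiles(dumpsys_output)
    return {"version": version, "vulnerable": vulnerable,
            "secondary_profiles": secondary,
            "exposed": vulnerable and secondary > 0}

if __name__ == "__main__":
    print(assess(SAMPLE_DUMPSYS))
```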

📡 Detection & Monitoring

Log Indicators:

  • Unusual access patterns between user profiles
  • Multiple failed authentication attempts followed by successful access

Network Indicators:

  • None - this is a local physical access vulnerability

SIEM Query:

Not applicable for network SIEM. Device logs would need to be monitored for profile switching anomalies.
