CVE-2025-21045

4.0 MEDIUM

📋 TL;DR

This vulnerability allows a local attacker to read sensitive information that Galaxy Watch stores without adequate protection. It affects Galaxy Watch devices that have not received the October 2025 security update (SMR Oct-2025 Release 1). Exploitation requires physical access to the watch or the ability to run code on it; it is not reachable over the network.

💻 Affected Systems

Products:
  • Samsung Galaxy Watch
Versions: All versions prior to SMR Oct-2025 Release 1
Operating Systems: Tizen-based Galaxy Watch OS
Default Config Vulnerable: ⚠️ Yes
Notes: Affects Galaxy Watch devices running Tizen OS before the October 2025 security update.

📦 What is this software?

⚠️ Risk & Real-World Impact

🔴

Worst Case

Local attacker gains access to sensitive user data including personal information, health data, or authentication tokens stored on the device.

🟠

Likely Case

Malicious app or user with physical access reads sensitive files that should be protected, potentially exposing personal data.

🟢

If Mitigated

With proper access controls and encryption, sensitive data remains protected even if storage location is discovered.

🌐 Internet-Facing: LOW - Requires local access to device, not remotely exploitable.
🏢 Internal Only: MEDIUM - Physical device access or malicious local app could exploit this vulnerability.
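To make the "stored insecurely" failure and the "If Mitigated" outcome concrete, here is an added example. It is not code from the page, from Samsung, or from the affected component (the advisory does not name one); it illustrates the weakness class in generic POSIX terms: a write that inherits a permissive umask and so leaves the file readable by every local user or app, the hardened write beside it, and a small audit that flags sensitive-looking files exposed to group or others. The file names, the secret, the umask value and the name heuristics are constructed for the demo.

```python
"""Insecure vs hardened local storage of a secret, plus a permissions audit.

Added example, not code from the advisory or from Samsung. The advisory does
not identify the affected file or component; this shows the weakness class
(sensitive data readable by other local users or apps) on any POSIX system.
"""
import os
import stat
import tempfile
from typing import List, Tuple

# Assumption: file names containing these words hold sensitive data.
SENSITIVE_NAMES = ("token", "secret", "health", "credential")


def store_insecure(path: str, data: bytes) -> None:
    """Weak pattern: the mode comes from the process umask. With a permissive
    umask such as 022 the file is created 0644, i.e. world-readable."""
    with open(path, "wb") as f:
        f.write(data)


def store_hardened(path: str, data: bytes) -> None:
    """Hardened pattern: create owner-read/write only, refuse to follow a
    symlink or overwrite an existing file, and set the mode explicitly so the
    result does not depend on the caller's umask."""
    flags = os.O_WRONLY | os.O_CREAT | os.O_EXCL | getattr(os, "O_NOFOLLOW", 0)
    fd = os.open(path, flags, 0o600)
    try:
        os.fchmod(fd, 0o600)
        os.write(fd, data)
    finally:
        os.close(fd)


def is_exposed(path: str) -> bool:
    """True if group or others hold any permission bit on the file."""
    mode = os.lstat(path).st_mode
    return bool(mode & (stat.S_IRWXG | stat.S_IRWXO))


def audit_directory(root: str) -> List[str]:
    """List regular files under root whose name looks sensitive and whose
    mode grants anything to group or others. Symlinks are not followed."""
    findings = []
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            p = os.path.join(dirpath, name)
            if not stat.S_ISREG(os.lstat(p).st_mode):
                continue
            if any(k in name.lower() for k in SENSITIVE_NAMES) and is_exposed(p):
                findings.append(p)
    return sorted(findings)


def demo() -> Tuple[bool, bool, List[str]]:
    """Constructed scenario: write the same secret both ways under umask 022
    and audit the directory. Returns (weak_exposed, hardened_exposed, flagged)."""
    old_umask = os.umask(0o022)
    try:
        with tempfile.TemporaryDirectory() as d:
            weak = os.path.join(d, "auth_token.dat")
            strong = os.path.join(d, "auth_token_hardened.dat")
            store_insecure(weak, b"constructed-secret")
            store_hardened(strong, b"constructed-secret")
            flagged = [os.path.basename(p) for p in audit_directory(d)]
            return is_exposed(weak), is_exposed(strong), flagged
    finally:
        os.umask(old_umask)


if __name__ == "__main__":
    weak_exposed, hardened_exposed, flagged = demo()
    print("weak file exposed:", weak_exposed)
    print("hardened file exposed:", hardened_exposed)
    print("audit flagged:", flagged)
```

The audit half is the part worth keeping around: pointed at an app data directory on a device you control, it is a quick way to find data that would be readable by another local process regardless of whether the device is encrypted at rest.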

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: UNKNOWN
Unauthenticated Exploit: ✅ No
Complexity: MEDIUM

Requires local access to device or ability to run malicious code locally. No public exploit details available.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: SMR Oct-2025 Release 1

Vendor Advisory: https://security.samsungmobile.com/securityUpdate.smsb?year=2025&month=10

Restart Required: Yes (the watch reboots to apply the software update)

Instructions:

1. Open the Galaxy Wearable app on the paired phone.
2. Go to Watch settings > About watch > Update watch software.
3. Install the available update and let the watch reboot.
4. Confirm the software information shows SMR Oct-2025 Release 1 or later.

🔧 Temporary Workarounds

Enable device encryption (applies to: all)

Make sure storage encryption and a lock screen are in place so that data at rest cannot be read from a lost or seized watch. This only addresses the physical-access case: a malicious app running on an unlocked watch reads the same files the legitimate user can, so it is not a substitute for the update.

Restrict physical access (applies to: all)

Keep the watch physically secure and use lock screen protection (PIN/pattern/password) so a bystander cannot browse the device.

🧯 If You Can't Patch

  • Enable strong lock screen authentication (PIN/pattern/password)
  • Avoid storing highly sensitive data on the watch

🔍 How to Verify

Check if Vulnerable:

Check watch software version in Settings > About watch > Software information

Check Version:

Not applicable - check via watch settings UI

Verify Fix Applied:

Verify software version shows SMR Oct-2025 Release 1 or later
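As an added example (not from the page or from Samsung), the script below turns the "SMR Oct-2025 Release 1 or later" check into a comparison that can be run over an inventory of reported watch versions instead of eyeballing each screen. It assumes the level is written the way the advisory writes it, "SMR <Mon>-<YYYY> Release <n>" (full month names and spaces instead of the hyphen are also accepted); the device names and reported strings in the sample inventory are constructed.

```python
"""Classify reported Samsung security-update levels against the fix level.

Added example, not code from the advisory or from Samsung. Assumes the level
string has the form "SMR <Mon>-<YYYY> Release <n>" as the advisory writes it.
"""
import re
from typing import Dict, NamedTuple, Optional

_MONTHS = {m: i for i, m in enumerate(
    ("jan", "feb", "mar", "apr", "may", "jun",
     "jul", "aug", "sep", "oct", "nov", "dec"), start=1)}

# Matches "SMR Oct-2025 Release 1" and looser forms such as
# "SMR October 2025 Release 2"; the first three letters select the month.
_SMR_RE = re.compile(
    r"SMR\s+([A-Za-z]{3})[A-Za-z]*[-\s]+(\d{4})\s+Release\s+(\d+)",
    re.IGNORECASE)


class SmrLevel(NamedTuple):
    year: int
    month: int
    release: int  # tuple ordering (year, month, release) is chronological


# Fix level stated by the advisory.
FIXED_LEVEL = SmrLevel(2025, 10, 1)


def parse_smr(text: str) -> Optional[SmrLevel]:
    """Return the SMR level found in text, or None if it is not in SMR form."""
    m = _SMR_RE.search(text)
    if not m:
        return None
    month = _MONTHS.get(m.group(1).lower())
    if month is None:
        return None
    return SmrLevel(int(m.group(2)), month, int(m.group(3)))


def classify(reported: str, fixed: SmrLevel = FIXED_LEVEL) -> str:
    """'vulnerable' if the level is older than the fix, 'patched' if it is the
    fix level or newer, 'unknown' if the string cannot be parsed (check the
    watch UI by hand rather than assuming it is safe)."""
    level = parse_smr(reported)
    if level is None:
        return "unknown"
    return "vulnerable" if level < fixed else "patched"


# Constructed inventory: device name -> version text read from the watch.
SAMPLE_INVENTORY = {
    "watch-01": "SMR Sep-2025 Release 1",
    "watch-02": "SMR Oct-2025 Release 1",
    "watch-03": "SMR October 2025 Release 2",
    "watch-04": "SMR Jan-2026 Release 1",
    "watch-05": "Tizen 5.5.0.2 (no SMR level shown)",
}


def triage(inventory: Dict[str, str]) -> Dict[str, str]:
    """Map every device in the inventory to its classification."""
    return {dev: classify(text) for dev, text in inventory.items()}


if __name__ == "__main__":
    for dev, status in triage(SAMPLE_INVENTORY).items():
        print(f"{dev}: {status}")
```

Anything that comes back "unknown" should be treated as unverified, not as patched: a version string that does not carry an SMR level tells you nothing about whether the October 2025 fix is present.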

📡 Detection & Monitoring

Log Indicators:

  • Unusual file access patterns in system logs
  • Multiple failed access attempts to protected storage

Network Indicators:

  • Not applicable - local vulnerability only

SIEM Query:

Not applicable for local device vulnerability

🔗 References
