CVE-2025-21063

4.6 MEDIUM

📋 TL;DR

This vulnerability allows physical attackers to access voice recording files while the device is locked. It affects Samsung Voice Recorder on Android 15 and 16 devices. The attacker must have physical access to the locked device to exploit this flaw.

💻 Affected Systems

Products:
  • Samsung Voice Recorder
Versions: Prior to version 21.5.73.12 in Android 15 and prior to 21.5.81.40 in Android 16
Operating Systems: Android 15, Android 16
Default Config Vulnerable: ⚠️ Yes
Notes: Only affects Samsung devices with the vulnerable Voice Recorder versions. Requires physical access to the locked device.

⚠️ Risk & Real-World Impact

🔴 Worst Case

Physical attackers could access sensitive voice recordings containing personal conversations, confidential information, or authentication details while the device is locked.

🟠 Likely Case

Someone with brief physical access to a locked device could browse and potentially extract voice recordings without authentication.

🟢 If Mitigated

With proper access controls, recordings remain protected behind authentication even when the device is locked.

🌐 Internet-Facing: LOW - This requires physical access to the device, not network access.
🏢 Internal Only: MEDIUM - Physical access threats exist in environments where devices may be unattended or shared.

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: UNKNOWN
Unauthenticated Exploit: ✅ No
Complexity: MEDIUM

Exploitation requires physical access to the locked device. No authentication bypass needed once physical access is obtained.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: 21.5.73.12 for Android 15, 21.5.81.40 for Android 16

Vendor Advisory: https://security.samsungmobile.com/serviceWeb.smsb?year=2025&month=10

Restart Required: No

Instructions:

1. Open Samsung Galaxy Store or Google Play Store.
2. Search for Samsung Voice Recorder.
3. Update to latest version (21.5.73.12+ for Android 15, 21.5.81.40+ for Android 16).
4. Alternatively, enable automatic updates in device settings.

🔧 Temporary Workarounds

Disable Voice Recorder Lock Screen Access

android

Prevent Voice Recorder from being accessible from lock screen

Use Secure Lock Screen

android

Enable strong authentication (PIN, password, biometrics) and ensure device locks quickly

🧯 If You Can't Patch

  • Disable the Voice Recorder app or restrict its permissions
  • Enable encryption for sensitive recordings and store them in secure locations

🔍 How to Verify

Check if Vulnerable:

Check the Voice Recorder version under Settings > Apps > Voice Recorder > App info. If the version is below 21.5.73.12 on Android 15 or below 21.5.81.40 on Android 16, the device is vulnerable.

Check Version:

adb shell dumpsys package com.sec.android.app.voicenote | grep versionName

Verify Fix Applied:

Verify that the Voice Recorder version is 21.5.73.12 or higher on Android 15, or 21.5.81.40 or higher on Android 16. Test by locking the device and attempting to access recordings.
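
A scripted form of the version check above, added here as an example (it is not from Samsung or from the original page). The function names and the sample dumpsys line are constructed for illustration; the package name and fixed versions are the ones given on this page, and versionName is assumed to be a plain dotted number.

```shell
#!/bin/sh
# Package name and fixed versions are the ones given on this page.
PKG="com.sec.android.app.voicenote"
FIXED_A15="21.5.73.12"
FIXED_A16="21.5.81.40"

# ver_lt A B: succeeds when dotted version A is strictly lower than B (numeric per field).
ver_lt() {
    a=$1; b=$2
    while [ -n "$a" ] || [ -n "$b" ]; do
        x=${a%%.*}; y=${b%%.*}
        case $a in *.*) a=${a#*.} ;; *) a= ;; esac
        case $b in *.*) b=${b#*.} ;; *) b= ;; esac
        [ "${x:-0}" -lt "${y:-0}" ] && return 0
        [ "${x:-0}" -gt "${y:-0}" ] && return 1
    done
    return 1
}

# classify RELEASE VERSION: prints vulnerable, patched, not-listed or unknown.
classify() {
    case $2 in ''|*[!0-9.]*) echo unknown; return 0 ;; esac
    case $1 in
        15) fixed=$FIXED_A15 ;;
        16) fixed=$FIXED_A16 ;;
        *)  echo not-listed; return 0 ;;
    esac
    if ver_lt "$2" "$fixed"; then echo vulnerable; else echo patched; fi
}

# Reads dumpsys output on stdin and prints the first versionName value.
parse_version_name() {
    sed -n 's/^[[:space:]]*versionName=//p' | head -n 1
}

# Queries a connected device; needs adb and an authorised USB debugging session.
check_device() {
    rel=$(adb shell getprop ro.build.version.release | tr -d '\r')
    ver=$(adb shell dumpsys package "$PKG" | tr -d '\r' | parse_version_name)
    echo "Android $rel, $PKG $ver: $(classify "$rel" "$ver")"
}

if [ "${1:-}" = "--device" ]; then
    check_device
else
    # Constructed sample line, shaped like the dumpsys output grepped above.
    sample=$(printf '    versionName=21.5.73.11\n' | parse_version_name)
    echo "sample: Android 15, $sample: $(classify 15 "$sample")"
fi
```

Run it with `--device` to query an attached handset; without arguments it only classifies the constructed sample.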

📡 Detection & Monitoring

Log Indicators:

  • Unusual access patterns to voice recording files
  • Failed authentication attempts followed by recording access

Network Indicators:

  • Not applicable - local access only

SIEM Query:

Not applicable for this physical access vulnerability
