{"resultsPerPage":1,"startIndex":0,"totalResults":1,"format":"NVD_CVE","version":"2.0","timestamp":"2026-05-12T08:44:20.769","vulnerabilities":[{"cve":{"id":"CVE-2021-25507","sourceIdentifier":"mobile.security@samsung.com","published":"2021-11-05T03:15:11.587","lastModified":"2024-11-21T05:55:08.127","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"Improper authorization vulnerability in Samsung Flow mobile application prior to 4.8.03.5 allows Samsung Flow PC application connected with user device to access part of notification data in Secure Folder without authorization."},{"lang":"es","value":"Una vulnerabilidad de autorización inapropiada en Samsung Flow mobile application versiones anteriores a 4.8.03.5, permite que la aplicación Samsung Flow para PC conectada con el dispositivo del usuario acceda a parte de los datos de notificación en la carpeta segura sin autorización"}],"metrics":{"cvssMetricV31":[{"source":"mobile.security@samsung.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N","baseScore":5.7,"baseSeverity":"MEDIUM","attackVector":"ADJACENT_NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"NONE","availabilityImpact":"NONE"},"exploitabilityScore":2.1,"impactScore":3.6},{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N","baseScore":5.7,"baseSeverity":"MEDIUM","attackVector":"ADJACENT_NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"NONE","availabilityImpact":"NONE"},"exploitabilityScore":2.1,"impactScore":3.6}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:A/AC:L/Au:S/C:P/I:N/A:N","baseScore":2.7,"accessVector":"ADJACENT_NETWORK","accessComplexity":"LOW","authentication":"SINGLE","confidentialityImpact":"PARTIAL","integrityImpact":"NONE","availabilityImpact":"NONE"},"baseSeverity":"LOW","exploitabilityScore":5.1,"impactScore":2.9,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":false}]},"weaknesses":[{"source":"mobile.security@samsung.com","type":"Secondary","description":[{"lang":"en","value":"CWE-285"}]},{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"NVD-CWE-Other"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:samsung:samsung_flow:*:*:*:*:*:android:*:*","versionEndExcluding":"4.8.03.5","matchCriteriaId":"8BBEE753-3ACE-4B00-9F56-76A3F29A0361"}]}]}],"references":[{"url":"https://security.samsungmobile.com/serviceWeb.smsb?year=2021&month=11","source":"mobile.security@samsung.com","tags":["Vendor Advisory"]},{"url":"https://security.samsungmobile.com/serviceWeb.smsb?year=2021&month=11","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Vendor Advisory"]}]}}]}