CVE-2025-21063

CVSS v3 4.6 MEDIUM

4.6^/10

CVSS v3 : MEDIUM

Vector :

Exploitability : 0.9 / Impact : 3.6

Attack Vector PHYSICAL

Attack Complexity LOW

Privileges Required NONE

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact NONE

Availability Impact NONE

Scope UNCHANGED

I

mproper access control in Samsung Voice Recorder prior to version 21.5.73.12 in Android 15 and 21.5.81.40 in Android 16 allows physical attackers to access recording files on the lock screen.

References

Link	Resource
https://security.samsungmobile.com/serviceWeb.smsb?year=2025&month=10	Vendor Advisory

Configurations

Configuration 1 (hide)

AND

cpe:2.3:a:samsung:voice_recorder:*:*:*:*:*:*:*:*

cpe:2.3:o:samsung:android:15.0:-:*:*:*:*:*:*

Configuration 2 (hide)

AND

cpe:2.3:a:samsung:voice_recorder:*:*:*:*:*:*:*:*

cpe:2.3:o:samsung:android:16.0:-:*:*:*:*:*:*

History

08 Jan 2026, 18:01

Type	Values Removed	Values Added
First Time		Samsung Samsung android Samsung voice Recorder
References	~~() https://security.samsungmobile.com/serviceWeb.smsb?year=2025&month=10 -~~	() https://security.samsungmobile.com/serviceWeb.smsb?year=2025&month=10 - Vendor Advisory
CWE		NVD-CWE-noinfo
CPE		cpe:2.3:a:samsung:voice_recorder:::::::: cpe:2.3:o:samsung:android:15.0:-:::::: cpe:2.3:o:samsung:android:16.0:-::::::

10 Oct 2025, 07:15

Type	Values Removed	Values Added
New CVE

Information

Published : 2025-10-10 07:15

Updated : 2026-01-08 18:01

NVD link : CVE-2025-21063

Mitre link : CVE-2025-21063

CVE.ORG link : CVE-2025-21063

JSON object : View

Products Affected

CWE

NVD-CWE-noinfo

{"id": "CVE-2025-21063", "cveTags": [], "metrics": {"cvssMetricV31": [{"type": "Secondary", "source": "[email protected]", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 4.6, "attackVector": "PHYSICAL", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}, "impactScore": 3.6, "exploitabilityScore": 0.9}, {"type": "Primary", "source": "[email protected]", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 4.6, "attackVector": "PHYSICAL", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}, "impactScore": 3.6, "exploitabilityScore": 0.9}]}, "published": "2025-10-10T07:15:42.493", "references": [{"url": "https://security.samsungmobile.com/serviceWeb.smsb?year=2025&month=10", "tags": ["Vendor Advisory"], "source": "[email protected]"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Primary", "source": "[email protected]", "description": [{"lang": "en", "value": "NVD-CWE-noinfo"}]}], "descriptions": [{"lang": "en", "value": "Improper access control in Samsung Voice Recorder prior to version 21.5.73.12 in Android 15 and 21.5.81.40 in Android 16 allows physical attackers to access recording files on the lock screen."}], "lastModified": "2026-01-08T18:01:26.477", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:samsung:voice_recorder:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "975E4DDC-98D8-4AF5-B33E-863BBBF045A1", "versionEndExcluding": "21.5.73.12"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:samsung:android:15.0:-:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "95DE4E96-2F23-47E5-9DFC-44EC409F37E8"}], "operator": "OR"}], "operator": "AND"}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:samsung:voice_recorder:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "A44A4043-90E2-48F7-BAB9-DA8ABD661C62", "versionEndExcluding": "21.5.81.40"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:samsung:android:16.0:-:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "3FD6766A-EC2B-4CA2-9A8E-2BA5C9E9ECF9"}], "operator": "OR"}], "operator": "AND"}], "sourceIdentifier": "[email protected]"}