{"dataType":"CVE_RECORD","dataVersion":"5.2","cveMetadata":{"cveId":"CVE-2025-21076","assignerOrgId":"3af57064-a867-422c-b2ad-40307b65c458","state":"PUBLISHED","assignerShortName":"SamsungMobile","dateReserved":"2024-11-06T02:30:14.896Z","datePublished":"2025-11-05T05:40:57.790Z","dateUpdated":"2025-11-07T14:26:14.798Z"},"containers":{"cna":{"problemTypes":[{"descriptions":[{"lang":"en","description":"CWE-280: Improper Handling of Insufficient Permissions or Privileges"}]}],"affected":[{"vendor":"Samsung Mobile","product":"Samsung Account","versions":[{"status":"unaffected","version":"15.5.00.18"}],"defaultStatus":"affected"}],"descriptions":[{"lang":"en","value":"Improper handling of insufficient permissions or privileges in Samsung Account prior to version 15.5.00.18 allows local attackers to access data in Samsung Account. User interaction is required for triggering this vulnerability."}],"references":[{"url":"https://security.samsungmobile.com/serviceWeb.smsb?year=2025&month=11"}],"metrics":[{"format":"CVSS","cvssV3_1":{"version":"3.1","attackVector":"LOCAL","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"NONE","availabilityImpact":"NONE","baseSeverity":"MEDIUM","baseScore":5.5,"vectorString":"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N"}}],"providerMetadata":{"orgId":"3af57064-a867-422c-b2ad-40307b65c458","shortName":"SamsungMobile","dateUpdated":"2025-11-05T05:40:57.790Z"}},"adp":[{"metrics":[{"other":{"type":"ssvc","content":{"timestamp":"2025-11-05T14:14:18.179248Z","id":"CVE-2025-21076","options":[{"Exploitation":"none"},{"Automatable":"no"},{"Technical Impact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}}],"title":"CISA ADP Vulnrichment","providerMetadata":{"orgId":"134c704f-9b21-4f2e-91b3-4a467353bcc0","shortName":"CISA-ADP","dateUpdated":"2025-11-07T14:26:14.798Z"}}]}}