CVE-2025-21063

Improper access control in Samsung Voice Recorder prior to version 21.5.73.12 in Android 15 and 21.5.81.40 in Android 16 allows physical attackers to access recording files on the lock screen.

CVSS v3 4.6 MEDIUM

4.6^/10

CVSS v3 : MEDIUM

Vector :

Exploitability : 0.9 / Impact : 3.6

Attack Vector PHYSICAL

Attack Complexity LOW

Privileges Required NONE

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact NONE

Availability Impact NONE

Scope UNCHANGED

References

Link	Resource
https://security.samsungmobile.com/serviceWeb.smsb?year=2025&month=10	Vendor Advisory

Configurations

Configuration 1 (hide)

AND

cpe:2.3:a:samsung:voice_recorder:*:*:*:*:*:*:*:*

cpe:2.3:o:samsung:android:15.0:-:*:*:*:*:*:*

Configuration 2 (hide)

AND

cpe:2.3:a:samsung:voice_recorder:*:*:*:*:*:*:*:*

cpe:2.3:o:samsung:android:16.0:-:*:*:*:*:*:*

History

08 Jan 2026, 18:01

Type	Values Removed	Values Added
First Time		Samsung android Samsung Samsung voice Recorder
CWE		NVD-CWE-noinfo
References	~~() https://security.samsungmobile.com/serviceWeb.smsb?year=2025&month=10 -~~	() https://security.samsungmobile.com/serviceWeb.smsb?year=2025&month=10 - Vendor Advisory
CPE		cpe:2.3:o:samsung:android:15.0:-:::::: cpe:2.3:a:samsung:voice_recorder:::::::: cpe:2.3:o:samsung:android:16.0:-::::::

10 Oct 2025, 07:15

Type	Values Removed	Values Added
New CVE

Information

Published : 2025-10-10 07:15

Updated : 2026-01-08 18:01

NVD link : CVE-2025-21063

Mitre link : CVE-2025-21063

CVE.ORG link : CVE-2025-21063

JSON object : View

Products Affected

samsung

android
voice_recorder

CWE

NVD-CWE-noinfo

{"id": "CVE-2025-21063", "cveTags": [], "metrics": {"cvssMetricV31": [{"type": "Secondary", "source": "mobile.security@samsung.com", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 4.6, "attackVector": "PHYSICAL", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}, "impactScore": 3.6, "exploitabilityScore": 0.9}, {"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 4.6, "attackVector": "PHYSICAL", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}, "impactScore": 3.6, "exploitabilityScore": 0.9}]}, "published": "2025-10-10T07:15:42.493", "references": [{"url": "https://security.samsungmobile.com/serviceWeb.smsb?year=2025&month=10", "tags": ["Vendor Advisory"], "source": "mobile.security@samsung.com"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "NVD-CWE-noinfo"}]}], "descriptions": [{"lang": "en", "value": "Improper access control in Samsung Voice Recorder prior to version 21.5.73.12 in Android 15 and 21.5.81.40 in Android 16 allows physical attackers to access recording files on the lock screen."}], "lastModified": "2026-01-08T18:01:26.477", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:samsung:voice_recorder:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "975E4DDC-98D8-4AF5-B33E-863BBBF045A1", "versionEndExcluding": "21.5.73.12"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:samsung:android:15.0:-:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "95DE4E96-2F23-47E5-9DFC-44EC409F37E8"}], "operator": "OR"}], "operator": "AND"}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:samsung:voice_recorder:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "A44A4043-90E2-48F7-BAB9-DA8ABD661C62", "versionEndExcluding": "21.5.81.40"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:samsung:android:16.0:-:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "3FD6766A-EC2B-4CA2-9A8E-2BA5C9E9ECF9"}], "operator": "OR"}], "operator": "AND"}], "sourceIdentifier": "mobile.security@samsung.com"}