CVE-2021-25357

Summary

A pendingIntent hijacking vulnerability in Create Movie prior to SMR APR-2021 Release 1 in Android O(8.x) and P(9.0), 3.4.81.1 in Android Q(10,0), and 3.6.80.7 in Android R(11.0) allows unprivileged applications to access contact information.

Affected Software

VendorProductVersion RangeStatus
Samsung MobileSamsung Mobile DevicesO(8.x), P(9.0), Q(10.0), R(11.0) < SMR APR-2021 Release 1 in Android O(8.x) and P(9.0), 3.4.81.1 in Android Q(10,0) and 3.6.80.7 in Android R(11.0)affected

Weaknesses

  • CWE-200: CWE-200: Exposure of Sensitive Information to an Unauthorized Actor

ADP Enrichment

CVE Program Container

Additional References

References