CVE-2025-21035

Summary

Improper access control in Samsung Calendar prior to version 12.5.06.5 in Android 14 and 12.6.01.12 in Android 15 allows physical attackers to access data across multiple user profiles.

Affected Software

VendorProductVersion RangeStatus
Samsung MobileSamsung Calendar12.5.06.5 in Android 14 and 12.6.01.12 in Android 15unaffected

Weaknesses

  • CWE-284: Improper Access Control

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: partial

References