CVE-2025-21058

Summary

Improper access control in Routines prior to version 4.8.7.1 in Android 15 and 4.9.6.0 in Android 16 allows local attackers to potentially execute arbitrary code with SystemUI privilege.

Affected Software

VendorProductVersion RangeStatus
Samsung MobileRoutines4.8.7.1 in Android 15 and 4.9.6.0 in Android 16unaffected

Weaknesses

  • CWE-284: Improper Access Control

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: partial

References