CVE-2021-25337
ENISA EUVD: EUVD-2021-12233 ↗
Exploited in the Wild
✓ Confirmed 0-Day
★ Google Project Zero
Triaged: March 5, 2026
Published: 2021-03-04
EPSS Score
Source: FIRST.org · 2026-05-23
0.8%
probability
This CVE has a 0.8% probability
of being exploited in the next 30 days.
0%
Top 74.3th percentile of all CVEs
100%
CVSS v3.1
Source: VulnerabilityLookup (CIRCL)4.4
MEDIUM
Attack Vector
Local
Attack Complexity
Low
Privileges Required
None
User Interaction
Required
Scope
Unchanged
Confidentiality
Low
Integrity
Low
Availability
None
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N
CVSS v2 (legacy)
5.8
MEDIUM
Access Vector
Network
Access Complexity
Medium
Authentication
None
Confidentiality
Partial
Integrity
Partial
Availability
None
AV:N/AC:M/Au:N/C:P/I:P/A:N
Description
VulnerabilityLookup (CNA)Improper access control in clipboard service in Samsung mobile devices prior to SMR Mar-2021 Release 1 allows untrusted applications to read or write certain local files.
Affected Products
Samsung Mobile
Samsung Mobile Devices
Selected P(9.0), Q(10.0), R(11.0)
Google Project Zero
Discovered
Nov. 3, 2020
Patched
March 1, 2021
Reported by
???
Root Cause Analysis
https://googleprojectzero.github.io/0days-in-the-wild//0day-RCAs/2021/CVE-2021-25337.html
Exploits & PoC
CrisZalSa/JustALampNothingElse
CVE-2021-25337
1
2026-05-13
1 repo — triés par ⭐
Rechercher sur GitHub ↗
https://security.samsungmobile.com/securityUpdate.smsb
x_refsource_CONFIRM
https://security.samsungmobile.com
x_refsource_MISC
Signal Intelligence
Confidence
95%
EPSS
0.8%
CVSS v3.1
4.4
Mentions
0
CNA Information
CNA Assigner
Samsung Mobile
Analyst Note
Auto-imported from Google Project Zero — confirmed zero-day by definition.
Triage Info
Decided atMar 05, 2026
Published DateMar 04, 2021