CVE-2021-25395

ENISA EUVD: EUVD-2021-12291 ↗

Exploited in the Wild ✓ Confirmed 0-Day ★ Google Project Zero

Triaged: March 5, 2026 Published: 2021-06-11

VulnLookup ↗ NVD ↗ EUVD ↗ MITRE ↗ Advisory ↗ P0 Sheet ↗ CISA KEV ↗

EPSS Score

Source: FIRST.org · 2026-05-23

0.16%

probability

This CVE has a 0.16% probability of being exploited in the next 30 days.

0% Top 36.8th percentile of all CVEs 100%

CVSS v3.1

Source: VulnerabilityLookup (CIRCL)

6.4

MEDIUM

Attack Vector

Local

Attack Complexity

High

Privileges Required

High

User Interaction

None

Scope

Unchanged

Confidentiality

High

Integrity

High

Availability

High

CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H

CVSS v2 (legacy)

4.4

MEDIUM

Access Vector

Local

Access Complexity

Medium

Authentication

None

Confidentiality

Partial

Integrity

Partial

Availability

Partial

AV:L/AC:M/Au:N/C:P/I:P/A:P

Description

VulnerabilityLookup (CNA)

A race condition in MFC charger driver prior to SMR MAY-2021 Release 1 allows local attackers to bypass signature check given a radio privilege is compromised.

Affected Products

Samsung Mobile

Samsung Mobile Devices

O(8.x), P(9.0), Q(10.0), R(11.0)

samsung

android

Samsung Mobile

Samsung Mobile Devices

O(8.x), P(9.0), Q(10.0), R(11.0) <SMR MAY-2021 Release 1

Samsung Mobile

Samsung Mobile Devices

O(8.x), P(9.0), Q(10.0), R(11.0) <SMR MAY-2021 Release 1

Attack Intelligence

CWE-362 · Race Condition CWE-691 · Insufficient Control Flow Management

Google Project Zero

Discovered

Dec. 31, 2020

Patched

May 1, 2021

Reported by

???

Root Cause Analysis

???

https://security.samsungmobile.com/securityUpdate.smsb?year=2021&month=5

x_refsource_MISC

Signal Intelligence

Confidenceⓘ

95%

EPSS 0.16%

CVSS v3.1 6.4

Mentions 0

CNA Information

CNA Assigner

Samsung Mobile

Analyst Note

Auto-imported from Google Project Zero — confirmed zero-day by definition.

Triage Info

Decided atMar 05, 2026

Published DateJun 11, 2021