Cyber Resilience

CVE-2021-25369

Medium · CISA KEV · Active Exploitation · EUVD Exploited

Published: 26 March 2021
Modified: 30 October 2025
KEV Added: 08 November 2022
CVSS Score v3.1: 6.2 (CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N)
EPSS Score: 0.0022 (45.2th percentile)
Risk Priority: 33 (60% EPSS · 20% KEV · 20% CVSS)

Summary

CVE-2021-25369 is a medium-severity Exposure of Sensitive Information to an Unauthorized Actor (CWE-200) vulnerability in Samsung Android. Its CVSS base score is 6.2 (Medium).

Operationally, it ranks at the 45.2th percentile by exploit likelihood (below the median), and CISA has added it to the Known Exploited Vulnerabilities catalog.

The strongest mitigations our analysis identified are NIST 800-53 AC-3 (Access Enforcement) and AC-6 (Least Privilege).

Deeper analysis

An improper access control vulnerability affects the sec_log file on Samsung mobile devices prior to the SMR MAR-2021 Release 1 patch level. The flaw, tracked as CVE-2021-25369, allows exposure of sensitive kernel information to userspace processes and carries a CVSS 3.1 score of 6.2 reflecting high confidentiality impact under local attack conditions.

A local attacker with no privileges or user interaction can read the contents of the sec_log file, disclosing kernel data that would otherwise remain restricted. This information exposure stems from missing access controls on the file and aligns with CWE-200.

Samsung security bulletins direct users to apply the March 2021 monthly maintenance release or later updates available through official device channels. The vulnerability is also catalogued by CISA among actively exploited issues, confirming observed real-world use.

Vulnerability details

An improper access control vulnerability in sec_log file prior to SMR MAR-2021 Release 1 exposes sensitive kernel information to userspace.

CWE(s): CWE-200
KEV Date Added: 08 November 2022

Related Threats

No named actor attribution yet. ATT&CK technique mapping in progress for this CVE.

Affected Assets

samsung android: 10.0, 8.0, 8.1, 9.0

Mitigating Controls (NIST 800-53 r5) [AI]

Prevent: Directly enforces access restrictions on the sec_log file so that unprivileged userspace processes cannot read kernel data.

Prevent: Requires that processes and users operate with only the privileges needed, preventing broad read access to sensitive kernel log files.

Prevent: Protects audit and security log files (such as sec_log) from unauthorized access that would expose kernel information.
