Cyber Resilience

CVE-2025-21079

High

Published: 05 November 2025

Published
05 November 2025
Modified
07 November 2025
KEV Added
Patch
CVSS Score v3.1 7.1 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:H
EPSS Score 0.0005 16.3th percentile
Risk Priority 14 60% EPSS · 20% KEV · 20% CVSS

Summary

CVE-2025-21079 is a high-severity an unspecified weakness vulnerability in Samsung Members. Its CVSS base score is 7.1 (High).

Operationally, exploitation aligns with the MITRE ATT&CK technique Exploitation for Client Execution (T1203); ranked at the 16.3th percentile by exploit likelihood (below the median); it is not currently listed in the CISA KEV catalog.

The strongest mitigations our analysis identified are NIST 800-53 SI-10 (Information Input Validation) and SI-2 (Flaw Remediation).

Deeper analysis

CVE-2025-21079 is an improper input validation vulnerability affecting the Samsung Members application prior to version 5.5.01.3. This flaw enables remote attackers to connect to an arbitrary URL and launch arbitrary activities with Samsung Members privileges. The vulnerability carries a CVSS v3.1 base score of 7.1 (AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:H) and is associated with CWE information not available from NVD. It was published on 2025-11-05.

Remote unauthenticated attackers can exploit this vulnerability over the network with low complexity, though it requires user interaction to trigger. Successful exploitation allows attackers to launch arbitrary activities under the Samsung Members application's privileges, potentially leading to low integrity impacts such as unauthorized modifications and high availability disruptions like denial of service, without affecting confidentiality or changing scope.

Samsung has issued a security advisory detailing the issue, available at https://security.samsungmobile.com/serviceWeb.smsb?year=2025&month=11, which security practitioners should consult for patch information and mitigation guidance.

EU & UK References

Vulnerability details

Improper input validation in Samsung Members prior to version 5.5.01.3 allows remote attackers to connect arbitrary URL and launch arbitrary activity with Samsung Members privilege. User interaction is required for triggering this vulnerability.

CWE(s)

Related Threats

MITRE ATT&CK Enterprise TechniquesAI

T1203 Exploitation for Client Execution Execution
Adversaries may exploit software vulnerabilities in client applications to execute code.
T1499.004 Application or System Exploitation Impact
Adversaries may exploit software vulnerabilities that can cause an application or system to crash and deny availability to users.
Why these techniques?

Vulnerability enables remote exploitation of client application via improper input validation to launch arbitrary activities (T1203: Exploitation for Client Execution) and facilitates high availability impact through DoS (T1499.004: Application or System Exploitation).

Confidence: HIGH · MITRE ATT&CK Enterprise v19.0

CVEs Like This One

CVE-2025-21042Same vendor: Samsung
CVE-2025-20931Same vendor: Samsung
CVE-2025-59440Same vendor: Samsung
CVE-2025-57834Same vendor: Samsung
CVE-2024-52923Same vendor: Samsung
CVE-2025-66363Same vendor: Samsung
CVE-2024-52924Same vendor: Samsung
CVE-2025-43706Same vendor: Samsung
CVE-2024-46922Same vendor: Samsung
CVE-2025-58349Same vendor: Samsung

Affected Assets

samsung
members
≤ 5.5.01.3

Mitigating Controls

Mitigating Controls (NIST 800-53 r5) AI

prevent

Directly requires validation of application inputs such as URLs to prevent processing of malicious inputs leading to arbitrary activity launches.

prevent

Ensures timely identification, reporting, and patching of the improper input validation flaw in Samsung Members prior to version 5.5.01.3.

prevent

Enforces access control policies to restrict unauthorized activity launches with Samsung Members privileges even if input validation is bypassed.

References