PatchSiren cyber security CVE debrief
CVE-2026-21025 Samsung Mobile CVE debrief
CVE-2026-21025 is a medium severity vulnerability (CVSS Score: 6.9) affecting Telephony prior to SMR Jun-2026 Release 1. The vulnerability is caused by incorrect privilege assignment, allowing local attackers to access sensitive information. The vulnerability was published on 2026-06-05T11:16:34.983Z and modified on 2026-06-06T02:01:04.850Z.
- Vendor
- Samsung Mobile
- Product
- Samsung Mobile Devices
- CVSS
- MEDIUM 6.9
- CISA KEV
- Not listed in stored evidence
- Original CVE published
- 2026-06-05
- Original CVE updated
- 2026-06-06
- Advisory published
- 2026-06-05
- Advisory updated
- 2026-06-06
Who should care
Users of Samsung Android devices, particularly those using Telephony prior to SMR Jun-2026 Release 1, should apply the necessary patches to prevent local attackers from accessing sensitive information.
Technical summary
The vulnerability is caused by incorrect privilege assignment in Telephony prior to SMR Jun-2026 Release 1. This allows local attackers to access sensitive information.
Defensive priority
Medium
Recommended defensive actions
- Apply the patch released by Samsung for SMR Jun-2026 Release 1 or later.
- Ensure that the Telephony component is updated to the latest version.
Evidence notes
The vulnerability is confirmed by the CVE record and NVD detail pages.
Official resources
-
CVE-2026-21025 CVE record
CVE.org
-
CVE-2026-21025 NVD detail
NVD
-
Source item URL
nvd_modified
-
Mitigation or vendor reference
[email protected] - Vendor Advisory
CVE-2026-21025 was published on 2026-06-05T11:16:34.983Z and modified on 2026-06-06T02:01:04.850Z.