ByteOS Network

Vulnerability Details :

CVE-2025-21072

Assigner Org ID-3af57064-a867-422c-b2ad-40307b65c458

Published At-02 Dec, 2025 | 01:23

Updated At-26 Feb, 2026 | 16:57

Out-of-bounds write in decoding metadata in fingerprint trustlet prior to SMR Dec-2025 Release 1 allows local privileged attackers to write out-of-bounds memory.

EPSS History

Score

Latest Score

N/A

Percentile

Latest Percentile

N/A

▼Common Vulnerabilities and Exposures (CVE)

cve.org

Assigner:SamsungMobile

Assigner Org ID:3af57064-a867-422c-b2ad-40307b65c458

Published At:02 Dec, 2025 | 01:23

Updated At:26 Feb, 2026 | 16:57

▼CVE Numbering Authority (CNA)

Out-of-bounds write in decoding metadata in fingerprint trustlet prior to SMR Dec-2025 Release 1 allows local privileged attackers to write out-of-bounds memory.

Affected Products

Vendor

Samsung Electronics

Product

Samsung Mobile Devices

Default Status

affected

Versions

Unaffected

SMR Dec-2025 Release in Android 13, 14, 15, 16

Problem Types

Type	CWE ID	Description
N/A	N/A	CWE-787 Out-of-bounds Write

Type: N/A

CWE ID: N/A

Description: CWE-787 Out-of-bounds Write

Metrics

Version	Base score	Base severity	Vector
3.1	5.7	MEDIUM	CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:N

Version: 3.1

Base score: 5.7

Base severity: MEDIUM

Vector:

CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:N

References

Hyperlink	Resource
https://security.samsungmobile.com/securityUpdate.smsb?year=2025&month=12	N/A

Hyperlink: https://security.samsungmobile.com/securityUpdate.smsb?year=2025&month=12

Resource: N/A

▼Authorized Data Publishers (ADP)

CISA ADP Vulnrichment

Metrics Other Info

▼National Vulnerability Database (NVD)

nvd.nist.gov

Source:mobile.security@samsung.com

Published At:02 Dec, 2025 | 02:15

Updated At:05 Dec, 2025 | 19:49

Out-of-bounds write in decoding metadata in fingerprint trustlet prior to SMR Dec-2025 Release 1 allows local privileged attackers to write out-of-bounds memory.

Date Added	Due Date	Vulnerability Name	Required Action
	N/A

Metrics

Type	Version	Base score	Base severity	Vector
Secondary	3.1	5.7	MEDIUM	CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:N
Primary	3.1	4.4	MEDIUM	CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:N

Type: Secondary

Version: 3.1

Base score: 5.7

Base severity: MEDIUM

Vector:

CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:N

Type: Primary

Version: 3.1

Base score: 4.4

Base severity: MEDIUM

Vector:

CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:N

CPE Matches

Samsung

>>android>>13.0

cpe:2.3:o:samsung:android:13.0:-:*:*:*:*:*:*

Samsung

>>android>>13.0

cpe:2.3:o:samsung:android:13.0:smr-apr-2022-r1:*:*:*:*:*:*

Samsung

>>android>>13.0

cpe:2.3:o:samsung:android:13.0:smr-apr-2023-r1:*:*:*:*:*:*

Samsung

>>android>>13.0

cpe:2.3:o:samsung:android:13.0:smr-apr-2024-r1:*:*:*:*:*:*

Samsung

>>android>>13.0

cpe:2.3:o:samsung:android:13.0:smr-apr-2025-r1:*:*:*:*:*:*

Samsung

>>android>>13.0

cpe:2.3:o:samsung:android:13.0:smr-aug-2022-r1:*:*:*:*:*:*

Samsung

>>android>>13.0

cpe:2.3:o:samsung:android:13.0:smr-aug-2023-r1:*:*:*:*:*:*

Samsung

>>android>>13.0

cpe:2.3:o:samsung:android:13.0:smr-aug-2024-r1:*:*:*:*:*:*

Samsung

>>android>>13.0

cpe:2.3:o:samsung:android:13.0:smr-aug-2025-r1:*:*:*:*:*:*

Samsung

>>android>>13.0

cpe:2.3:o:samsung:android:13.0:smr-dec-2021-r1:*:*:*:*:*:*

Samsung

>>android>>13.0

cpe:2.3:o:samsung:android:13.0:smr-dec-2022-r1:*:*:*:*:*:*

Samsung

>>android>>13.0

cpe:2.3:o:samsung:android:13.0:smr-dec-2023-r1:*:*:*:*:*:*

Samsung

>>android>>13.0

cpe:2.3:o:samsung:android:13.0:smr-dec-2024-r1:*:*:*:*:*:*

Samsung

>>android>>13.0

cpe:2.3:o:samsung:android:13.0:smr-feb-2022-r1:*:*:*:*:*:*

Samsung

>>android>>13.0

cpe:2.3:o:samsung:android:13.0:smr-feb-2023-r1:*:*:*:*:*:*

Samsung

>>android>>13.0

cpe:2.3:o:samsung:android:13.0:smr-feb-2024-r1:*:*:*:*:*:*

Samsung

>>android>>13.0

cpe:2.3:o:samsung:android:13.0:smr-feb-2025-r1:*:*:*:*:*:*

Samsung

>>android>>13.0

cpe:2.3:o:samsung:android:13.0:smr-jan-2022-r1:*:*:*:*:*:*

Samsung

>>android>>13.0

cpe:2.3:o:samsung:android:13.0:smr-jan-2023-r1:*:*:*:*:*:*

Samsung

>>android>>13.0

cpe:2.3:o:samsung:android:13.0:smr-jan-2024-r1:*:*:*:*:*:*

Samsung

>>android>>13.0

cpe:2.3:o:samsung:android:13.0:smr-jan-2025-r1:*:*:*:*:*:*

Samsung

>>android>>13.0

cpe:2.3:o:samsung:android:13.0:smr-jul-2022-r1:*:*:*:*:*:*

Samsung

>>android>>13.0

cpe:2.3:o:samsung:android:13.0:smr-jul-2023-r1:*:*:*:*:*:*

Samsung

>>android>>13.0

cpe:2.3:o:samsung:android:13.0:smr-jul-2024-r1:*:*:*:*:*:*

Samsung

>>android>>13.0

cpe:2.3:o:samsung:android:13.0:smr-jul-2025-r1:*:*:*:*:*:*

Samsung

>>android>>13.0

cpe:2.3:o:samsung:android:13.0:smr-jun-2022-r1:*:*:*:*:*:*

Samsung

>>android>>13.0

cpe:2.3:o:samsung:android:13.0:smr-jun-2023-r1:*:*:*:*:*:*

Samsung

>>android>>13.0

cpe:2.3:o:samsung:android:13.0:smr-jun-2024-r1:*:*:*:*:*:*

Samsung

>>android>>13.0

cpe:2.3:o:samsung:android:13.0:smr-jun-2025-r1:*:*:*:*:*:*

Samsung

>>android>>13.0

cpe:2.3:o:samsung:android:13.0:smr-mar-2022-r1:*:*:*:*:*:*

Samsung

>>android>>13.0

cpe:2.3:o:samsung:android:13.0:smr-mar-2023-r1:*:*:*:*:*:*

Samsung

>>android>>13.0

cpe:2.3:o:samsung:android:13.0:smr-mar-2024-r1:*:*:*:*:*:*

Samsung

>>android>>13.0

cpe:2.3:o:samsung:android:13.0:smr-mar-2025-r1:*:*:*:*:*:*

Samsung

>>android>>13.0

cpe:2.3:o:samsung:android:13.0:smr-may-2022-r1:*:*:*:*:*:*

Samsung

>>android>>13.0

cpe:2.3:o:samsung:android:13.0:smr-may-2023-r1:*:*:*:*:*:*

Samsung

>>android>>13.0

cpe:2.3:o:samsung:android:13.0:smr-may-2024-r1:*:*:*:*:*:*

Samsung

>>android>>13.0

cpe:2.3:o:samsung:android:13.0:smr-may-2025-r1:*:*:*:*:*:*

Samsung

>>android>>13.0

cpe:2.3:o:samsung:android:13.0:smr-nov-2021-r1:*:*:*:*:*:*

Samsung

>>android>>13.0

cpe:2.3:o:samsung:android:13.0:smr-nov-2022-r1:*:*:*:*:*:*

Samsung

>>android>>13.0

cpe:2.3:o:samsung:android:13.0:smr-nov-2023-r1:*:*:*:*:*:*

Samsung

>>android>>13.0

cpe:2.3:o:samsung:android:13.0:smr-nov-2024-r1:*:*:*:*:*:*

Samsung

>>android>>13.0

cpe:2.3:o:samsung:android:13.0:smr-nov-2025-r1:*:*:*:*:*:*

Samsung

>>android>>13.0

cpe:2.3:o:samsung:android:13.0:smr-oct-2022-r1:*:*:*:*:*:*

Samsung

>>android>>13.0

cpe:2.3:o:samsung:android:13.0:smr-oct-2023-r1:*:*:*:*:*:*

Samsung

>>android>>13.0

cpe:2.3:o:samsung:android:13.0:smr-oct-2024-r1:*:*:*:*:*:*

Samsung

>>android>>13.0

cpe:2.3:o:samsung:android:13.0:smr-oct-2025-r1:*:*:*:*:*:*

Samsung

>>android>>13.0

cpe:2.3:o:samsung:android:13.0:smr-sep-2022-r1:*:*:*:*:*:*

Samsung

>>android>>13.0

cpe:2.3:o:samsung:android:13.0:smr-sep-2023-r1:*:*:*:*:*:*

Samsung

>>android>>13.0

cpe:2.3:o:samsung:android:13.0:smr-sep-2024-r1:*:*:*:*:*:*

Samsung

>>android>>13.0

cpe:2.3:o:samsung:android:13.0:smr-sep-2025-r1:*:*:*:*:*:*

Weaknesses

CWE ID	Type	Source
CWE-787	Primary	nvd@nist.gov

CWE ID: CWE-787

Type: Primary

Source: nvd@nist.gov

References

Hyperlink	Source	Resource
https://security.samsungmobile.com/securityUpdate.smsb?year=2025&month=12	mobile.security@samsung.com	Vendor Advisory

Hyperlink: https://security.samsungmobile.com/securityUpdate.smsb?year=2025&month=12

Source: mobile.security@samsung.com

Resource:

Vendor Advisory

Similar CVEs

256Records found

CVE-2025-20889

Matching Score-6

Assigner-Samsung Mobile

View Details

Matching Score-6

Assigner-Samsung Mobile

CVSS Score-5.3||MEDIUM

EPSS-0.07% / 21.64%

7 Day CHG~0.00%

Published-04 Feb, 2025 | 07:19

Updated-12 Feb, 2025 | 13:46

Out-of-bounds read in decoding malformed bitstream for smp4vtd in libsthmbc.so prior to SMR Jan-2025 Release 1 allows local attackers to read arbitrary memory. User interaction is required for triggering this vulnerability.

Vendor-Samsung Electronics Samsung

Product-android Samsung Mobile Devices

CWE ID-CWE-787

Out-of-bounds Write

CVE-2025-20980

Matching Score-6

Assigner-Samsung Mobile

View Details

Matching Score-6

Assigner-Samsung Mobile

CVSS Score-4||MEDIUM

EPSS-0.01% / 0.70%

7 Day CHG~0.00%

Published-07 May, 2025 | 08:34

Updated-02 Oct, 2025 | 16:42

Out-of-bounds write in libsavscmn prior to Android 15 allows local attackers to cause memory corruption.

Vendor-Google LLC Samsung Electronics

Product-android libsavscmn

CWE ID-CWE-787

Out-of-bounds Write

CVE-2025-21043

Matching Score-6

Assigner-Samsung Mobile

View Details

Matching Score-6

Assigner-Samsung Mobile

CVSS Score-8.8||HIGH

EPSS-4.91% / 89.46%

7 Day CHG~0.00%

Published-12 Sep, 2025 | 07:21

Updated-26 Feb, 2026 | 17:48

Known KEV||Action Due Date - 2025-10-23||Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.

Out-of-bounds write in libimagecodec.quram.so prior to SMR Sep-2025 Release 1 allows remote attackers to execute arbitrary code.

Vendor-Samsung Electronics Samsung

Product-android Samsung Mobile Devices Mobile Devices

CWE ID-CWE-787

Out-of-bounds Write

CVE-2024-32855

Matching Score-4

Assigner-Dell

View Details

Matching Score-4

Assigner-Dell

CVSS Score-3.8||LOW

EPSS-0.06% / 18.76%

7 Day CHG~0.00%

Published-25 Jun, 2024 | 04:06

Updated-04 Feb, 2025 | 17:21

Dell Client Platform BIOS contains an Out-of-bounds Write vulnerability in an externally developed component. A high privileged attacker with local access could potentially exploit this vulnerability, leading to Information tampering.

Vendor-Dell Inc.

CWE ID-CWE-787

Out-of-bounds Write

CVE-2023-49614

Matching Score-4

Assigner-Intel Corporation

View Details

Matching Score-4

Assigner-Intel Corporation

CVSS Score-5.7||MEDIUM

EPSS-0.06% / 17.79%

7 Day CHG~0.00%

Published-16 May, 2024 | 20:47

Updated-15 Aug, 2024 | 15:18

Out of bounds write in firmware for some Intel(R) FPGA products before version 2.9.0 may allow escalation of privilege and information disclosure.

Vendor-n/a Intel Corporation

CWE ID-CWE-787

Out-of-bounds Write

CVE-2023-39281

Matching Score-4

Assigner-MITRE Corporation

View Details

Matching Score-4

Assigner-MITRE Corporation

CVSS Score-5.7||MEDIUM

EPSS-0.23% / 45.81%

7 Day CHG~0.00%

Published-01 Nov, 2023 | 00:00

Updated-06 Sep, 2024 | 20:35

A stack buffer overflow vulnerability discovered in AsfSecureBootDxe in Insyde InsydeH2O with kernel 5.0 through 5.5 allows attackers to run arbitrary code execution during the DXE phase.

Vendor-n/a Intel Corporation Insyde Software Corp. (ISC)Advanced Micro Devices, Inc.

Product-celeron_7305l ryzen_7_7645hx core_i7-1280p core_i7-12650hx core_i5-12600t core_i7-12700h core_i5-13600k ryzen_7_pro_7730u core_i7_14700k core_i3-1210u van_gogh_0405 core_i7-13700kf ryzen_5_5600hs ryzen_3_5300ge core_i3-13300hre core_i7-1260u ryzen_7_5825u ryzen_9_7940hx v3c44 core_i5-12450h ryzen_9_7950x ryzen_5_7540u core_i7-1370p core_i5-12500t core_i7-1260p core_i9-13900e core_i5-1345ure core_i5-1335u core_i5-12500h core_i3-1220p ryzen_7_7700x core_i7-13800h core_i5-1345u core_i5-13500h ryzen_7_5700g core_i7-1270p n50 core_i5_14600k ryzen_9_6900hx ryzen_z1_extreme ryzen_7_7840hx core_i5-12600h core_i7-12700hl core_i3-13300he core_i7-12800hx ryzen_5_7640h core_i7-13700 hm770 core_i7-12700k ryzen_5_5500 core_i9-12900f ryzen_3_5400u b760 core_i7-1255ul celeron_g6900 core_i5-12400 core_i3-12100t ryzen_7_7735u core_i3-12300hl n97 ryzen_9_pro_7945 core_i9-13900hk core_i9-12900hk ryzen_7_7745hx ryzen_7_5700 core_i5-1240p core_i5-12500 core_i7-13650hx core_i7-13850hx ryzen_5_7535u core_i9-14900k core_i5-1345ue core_i7_14700kf core_i3-13100te ryzen_9_7845hx ryzen_7_6800hs core_i5-1245ul core_i5-13600hx ryzen_7_7736u core_i9-13900kf core_i5-13500te core_i5-13400e ryzen_5_5600u core_i7-12700 core_i5-13600 core_i5_14600kf ryzen_9_7645hx3d ryzen_5_5600ge core_i9-13950hx pentium_gold_g7400t athlon_gold_7220u core_i5-13400t core_i3-12100f core_i9-13900t celeron_7305 core_i5-12400t core_i3-1320pe ryzen_5_7535hs core_i7-13700h core_i9-12950hx core_i9-12900ks insydeh2o core_i5-1340pe ryzen_3_5425u core_i7-1370pre core_i7-13700t core_i9-13980hx core_i5-13420h core_i7-1360p core_i9-12900t ryzen_3_7440u ryzen3_5300u core_i3-n300 ryzen_7_5800u core_i7-12650h core_i3-1215u core_i9-13900ks ryzen_5_pro_7645 core_i7-1355u core_i3-12100 v314 core_i5-12500hl ryzen_7_5800h core_i7-12700f atom_x7211e core_i5-13600he core_i9-12900 core_i7-1375pre core_i5-13500t c262 ryzen_7_5700u core_i7-13700e core_i5-12600hl core_i5-1340p ryzen_7_6800h core_i5-13505h pentium_gold_g7400 core_i9-13900 core_i3-1315u core_i9-13900h ryzen_7_7840u ryzen_3_pro_7330u ryzen_7_5800hs core_i7-1250u ryzen_5_5500h core_i7-12800hl core_i7-13800hre core_i9-12900k ryzen_z1 core_i3-13100f core_i5-1350pe ryzen_5_6600h core_i9-13900f ryzen_9_6980hx pentium_8500 core_i3-13100t z790 core_i5-1350pre ryzen_9_7940h ryzen_5_5560u core_i7-13620h core_i3-1215ul core_i7-1265ul core_i7-1366ure core_i3-13100e ryzen_9_7900x n200 core_i7-1265u ryzen_5_6600hs celeron_g6900t core_i7-13700te n100 ryzen_7_7840h ryzen_9_5900hs core_i5-13400 ryzen_5_7640u core_i9-13900te ryzen_9_5980hs core_i7-1365ure core_i5-13600kf ryzen_5_7600 ryzen_9_6900hs pentium_8505 core_i7-13700k core_i7-1255u core_i5-12600 core_i3-1315ue n95 core_i7-1370pe ryzen_3_5300g h770 ryzen_3_7320u ryzen_5_pro_7530u ryzen_7_pro_7745 ryzen_5_7520u ryzen_5_5500u core_i3-13100 core_i5-12400f core_i5-12490f core_i5-13500e ryzen_7_7800x3d core_i5-13600t ryzen_5_pro_7640hs core_i7-13705h v3c16 core_i5-1245u ryzen_5_5600h core_i7-12700t ryzen_7_6800u ryzen_9_7945hx core_i3-12300 ryzen_5_5600g core_i5-1235ul ryzen_7_7735hs ryzen_9_7900x3d core_i7-13700hx core_i5-12600k core_i3-1320pre core_i5-1335ue v3c48 ryzen_5_7600x athlon_silver_7120u ryzen_5_6600u ryzen_5_5625u core_i9-13900k core_i3-12300t ryzen_7_5700ge core_i7-1365ue core_i7-12700kf ryzen_3_5125c core_i9-12900kf core_i9-13900hx core_i3-1305u core_i3-1315ure atom_x7213e core_i9-12900h core_i5-13500 core_i9-14900kf ryzen_3_7335u ryzen_7_pro_7840hs core_i5-12450hx ryzen_5_7545u core_i5-1235u core_i5-13400f u300e atom_x7425e core_i5-13500hx core_i5-1240u ryzen_5_7500f celeron_7300 ryzen_9_pro_7940hs core_i7-1365u core_i7-12800h wm790 core_i5-12600kf u300 core_i7-13800he v3c18 ryzen_9_5900hx core_i9-13905h c266 core_i7-12850hx core_i5-1350p ryzen_9_7950x3d core_i7-13700f ryzen_7_7700 core_i5-12600hx core_i5-13600h ryzen_3_5100 core_i3-n305 ryzen_9_7900 core_i5-13600hre core_i9-12900hx core_i5-1250p core_i5-1230u core_i5-13450hx core_i5-1334u ryzen_9_6980hs ryzen_9_7940hs n/a insydeh20

CWE ID-CWE-121

Stack-based Buffer Overflow

CWE ID-CWE-787

Out-of-bounds Write

CVE-2025-21072

Credits

Vendors

Products

Metrics (CVSS)

Weaknesses

Attack Patterns

Solution/Workaround

References

EPSS History

Score

Latest Score

N/A

Percentile

Latest Percentile

N/A

Stakeholder-Specific Vulnerability Categorization (SSVC)

Affected Products

Unaffected

Problem Types

Metrics

Metrics Other Info

Impacts

Solutions

Configurations

Workarounds

Exploits

Credits

Timeline

Replaced By

Rejected Reason

References

Affected Products

Metrics

Metrics Other Info

Impacts

Solutions

Configurations

Workarounds

Exploits

Credits

Timeline

Replaced By

Rejected Reason

References

CISA Catalog

Metrics

CPE Matches

Weaknesses

Evaluator Description

Evaluator Impact

Evaluator Solution

Vendor Statements

References

Change History

Similar CVEs