Search
Find a vulnerability
Search criteria
6 vulnerabilities found for Secure Folder by Samsung Mobile
CVE-2025-21041 (GCVE-0-2025-21041)
Vulnerability from nvd – Published: 2025-09-03 06:05 – Updated: 2025-09-03 19:45
VLAI
Summary
Insecure Storage of Sensitive Information in Secure Folder prior to Android 16 allows local attackers to access sensitive information.
Severity
6.2 (Medium)
SSVC
Exploitation: none
Automatable: no
Technical Impact: partial
CISA Coordinator (v2.0.3)
Assigner
References
1 reference
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| Samsung Mobile | Secure Folder |
Unaffected:
Android 16
|
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-21041",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-09-03T19:44:56.647431Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-09-03T19:45:05.437Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "affected",
"product": "Secure Folder",
"vendor": "Samsung Mobile",
"versions": [
{
"status": "unaffected",
"version": "Android 16"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Insecure Storage of Sensitive Information in Secure Folder prior to Android 16 allows local attackers to access sensitive information."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 6.2,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"format": "CVSS"
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "CWE-922 Insecure Storage of Sensitive Information",
"lang": "en"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-09-03T06:05:47.132Z",
"orgId": "3af57064-a867-422c-b2ad-40307b65c458",
"shortName": "SamsungMobile"
},
"references": [
{
"url": "https://security.samsungmobile.com/serviceWeb.smsb?year=2025\u0026month=09"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "3af57064-a867-422c-b2ad-40307b65c458",
"assignerShortName": "SamsungMobile",
"cveId": "CVE-2025-21041",
"datePublished": "2025-09-03T06:05:47.132Z",
"dateReserved": "2024-11-06T02:30:14.888Z",
"dateUpdated": "2025-09-03T19:45:05.437Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2025-20973 (GCVE-0-2025-20973)
Vulnerability from nvd – Published: 2025-05-07 08:24 – Updated: 2025-05-07 14:57
VLAI
Summary
Improper authentication in Secure Folder prior to version 1.8.12.0 in Android 13, and 1.9.21.00 in Android 14 allows physical attackers to reset the lock type of Secure Folder.
Severity
5.4 (Medium)
SSVC
Exploitation: none
Automatable: no
Technical Impact: total
CISA Coordinator (v2.0.3)
Assigner
References
1 reference
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| Samsung Mobile | Secure Folder |
Unaffected:
1.8.12.0 in Android 13, and 1.9.21.00 in Android 14
|
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-20973",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-05-07T14:57:11.494134Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-05-07T14:57:33.940Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "affected",
"product": "Secure Folder",
"vendor": "Samsung Mobile",
"versions": [
{
"status": "unaffected",
"version": "1.8.12.0 in Android 13, and 1.9.21.00 in Android 14"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Improper authentication in Secure Folder prior to version 1.8.12.0 in Android 13, and 1.9.21.00 in Android 14 allows physical attackers to reset the lock type of Secure Folder."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "PHYSICAL",
"availabilityImpact": "NONE",
"baseScore": 5.4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:P/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:N",
"version": "3.1"
},
"format": "CVSS"
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "CWE-287 Improper Authentication",
"lang": "en"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-05-07T08:24:29.804Z",
"orgId": "3af57064-a867-422c-b2ad-40307b65c458",
"shortName": "SamsungMobile"
},
"references": [
{
"url": "https://security.samsungmobile.com/serviceWeb.smsb?year=2025\u0026month=05"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "3af57064-a867-422c-b2ad-40307b65c458",
"assignerShortName": "SamsungMobile",
"cveId": "CVE-2025-20973",
"datePublished": "2025-05-07T08:24:29.804Z",
"dateReserved": "2024-11-06T02:30:14.867Z",
"dateUpdated": "2025-05-07T14:57:33.940Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2025-20897 (GCVE-0-2025-20897)
Vulnerability from nvd – Published: 2025-02-04 07:19 – Updated: 2025-02-04 16:04
VLAI
Summary
Improper access control in Secure Folder prior to version 1.9.20.50 in Android 14, 1.8.11.0 in Android 13, and 1.7.04.0 in Android 12 allows local attacker to access data in Secure Folder.
Severity
6.8 (Medium)
SSVC
Exploitation: none
Automatable: no
Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
- CWE-926 - Improper Export of Android Application Components
Assigner
References
1 reference
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| Samsung Mobile | Secure Folder |
Unaffected:
1.9.20.50 in Android 14, 1.8.11.0 in Android 13, and 1.7.04.0 in Android 12
|
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-20897",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-02-04T16:03:18.359439Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-02-04T16:04:00.916Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "affected",
"product": "Secure Folder",
"vendor": "Samsung Mobile",
"versions": [
{
"status": "unaffected",
"version": "1.9.20.50 in Android 14, 1.8.11.0 in Android 13, and 1.7.04.0 in Android 12"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Improper access control in Secure Folder prior to version 1.9.20.50 in Android 14, 1.8.11.0 in Android 13, and 1.7.04.0 in Android 12 allows local attacker to access data in Secure Folder."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 6.8,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:N",
"version": "3.1"
},
"format": "CVSS"
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "CWE-926 : Improper Export of Android Application Components",
"lang": "en"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-02-04T07:19:45.024Z",
"orgId": "3af57064-a867-422c-b2ad-40307b65c458",
"shortName": "SamsungMobile"
},
"references": [
{
"url": "https://security.samsungmobile.com/serviceWeb.smsb?year=2025\u0026month=01"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "3af57064-a867-422c-b2ad-40307b65c458",
"assignerShortName": "SamsungMobile",
"cveId": "CVE-2025-20897",
"datePublished": "2025-02-04T07:19:45.024Z",
"dateReserved": "2024-11-06T02:30:14.838Z",
"dateUpdated": "2025-02-04T16:04:00.916Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2025-21041 (GCVE-0-2025-21041)
Vulnerability from cvelistv5 – Published: 2025-09-03 06:05 – Updated: 2025-09-03 19:45
VLAI
Summary
Insecure Storage of Sensitive Information in Secure Folder prior to Android 16 allows local attackers to access sensitive information.
Severity
6.2 (Medium)
SSVC
Exploitation: none
Automatable: no
Technical Impact: partial
CISA Coordinator (v2.0.3)
Assigner
References
1 reference
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| Samsung Mobile | Secure Folder |
Unaffected:
Android 16
|
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-21041",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-09-03T19:44:56.647431Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-09-03T19:45:05.437Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "affected",
"product": "Secure Folder",
"vendor": "Samsung Mobile",
"versions": [
{
"status": "unaffected",
"version": "Android 16"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Insecure Storage of Sensitive Information in Secure Folder prior to Android 16 allows local attackers to access sensitive information."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 6.2,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"format": "CVSS"
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "CWE-922 Insecure Storage of Sensitive Information",
"lang": "en"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-09-03T06:05:47.132Z",
"orgId": "3af57064-a867-422c-b2ad-40307b65c458",
"shortName": "SamsungMobile"
},
"references": [
{
"url": "https://security.samsungmobile.com/serviceWeb.smsb?year=2025\u0026month=09"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "3af57064-a867-422c-b2ad-40307b65c458",
"assignerShortName": "SamsungMobile",
"cveId": "CVE-2025-21041",
"datePublished": "2025-09-03T06:05:47.132Z",
"dateReserved": "2024-11-06T02:30:14.888Z",
"dateUpdated": "2025-09-03T19:45:05.437Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2025-20973 (GCVE-0-2025-20973)
Vulnerability from cvelistv5 – Published: 2025-05-07 08:24 – Updated: 2025-05-07 14:57
VLAI
Summary
Improper authentication in Secure Folder prior to version 1.8.12.0 in Android 13, and 1.9.21.00 in Android 14 allows physical attackers to reset the lock type of Secure Folder.
Severity
5.4 (Medium)
SSVC
Exploitation: none
Automatable: no
Technical Impact: total
CISA Coordinator (v2.0.3)
Assigner
References
1 reference
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| Samsung Mobile | Secure Folder |
Unaffected:
1.8.12.0 in Android 13, and 1.9.21.00 in Android 14
|
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-20973",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-05-07T14:57:11.494134Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-05-07T14:57:33.940Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "affected",
"product": "Secure Folder",
"vendor": "Samsung Mobile",
"versions": [
{
"status": "unaffected",
"version": "1.8.12.0 in Android 13, and 1.9.21.00 in Android 14"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Improper authentication in Secure Folder prior to version 1.8.12.0 in Android 13, and 1.9.21.00 in Android 14 allows physical attackers to reset the lock type of Secure Folder."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "PHYSICAL",
"availabilityImpact": "NONE",
"baseScore": 5.4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:P/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:N",
"version": "3.1"
},
"format": "CVSS"
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "CWE-287 Improper Authentication",
"lang": "en"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-05-07T08:24:29.804Z",
"orgId": "3af57064-a867-422c-b2ad-40307b65c458",
"shortName": "SamsungMobile"
},
"references": [
{
"url": "https://security.samsungmobile.com/serviceWeb.smsb?year=2025\u0026month=05"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "3af57064-a867-422c-b2ad-40307b65c458",
"assignerShortName": "SamsungMobile",
"cveId": "CVE-2025-20973",
"datePublished": "2025-05-07T08:24:29.804Z",
"dateReserved": "2024-11-06T02:30:14.867Z",
"dateUpdated": "2025-05-07T14:57:33.940Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2025-20897 (GCVE-0-2025-20897)
Vulnerability from cvelistv5 – Published: 2025-02-04 07:19 – Updated: 2025-02-04 16:04
VLAI
Summary
Improper access control in Secure Folder prior to version 1.9.20.50 in Android 14, 1.8.11.0 in Android 13, and 1.7.04.0 in Android 12 allows local attacker to access data in Secure Folder.
Severity
6.8 (Medium)
SSVC
Exploitation: none
Automatable: no
Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
- CWE-926 - Improper Export of Android Application Components
Assigner
References
1 reference
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| Samsung Mobile | Secure Folder |
Unaffected:
1.9.20.50 in Android 14, 1.8.11.0 in Android 13, and 1.7.04.0 in Android 12
|
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-20897",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-02-04T16:03:18.359439Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-02-04T16:04:00.916Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "affected",
"product": "Secure Folder",
"vendor": "Samsung Mobile",
"versions": [
{
"status": "unaffected",
"version": "1.9.20.50 in Android 14, 1.8.11.0 in Android 13, and 1.7.04.0 in Android 12"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Improper access control in Secure Folder prior to version 1.9.20.50 in Android 14, 1.8.11.0 in Android 13, and 1.7.04.0 in Android 12 allows local attacker to access data in Secure Folder."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 6.8,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:N",
"version": "3.1"
},
"format": "CVSS"
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "CWE-926 : Improper Export of Android Application Components",
"lang": "en"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-02-04T07:19:45.024Z",
"orgId": "3af57064-a867-422c-b2ad-40307b65c458",
"shortName": "SamsungMobile"
},
"references": [
{
"url": "https://security.samsungmobile.com/serviceWeb.smsb?year=2025\u0026month=01"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "3af57064-a867-422c-b2ad-40307b65c458",
"assignerShortName": "SamsungMobile",
"cveId": "CVE-2025-20897",
"datePublished": "2025-02-04T07:19:45.024Z",
"dateReserved": "2024-11-06T02:30:14.838Z",
"dateUpdated": "2025-02-04T16:04:00.916Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}