ID

VAR-202111-0054


CVE

CVE-2021-25505


TITLE

Authentication vulnerability in Samsung Pass

Trust: 0.8

sources: JVNDB: JVNDB-2021-014603

DESCRIPTION

Improper authentication in Samsung Pass prior to 3.0.02.4 allows use of the app without authentication when the lockscreen is unlocked. Samsung Pass contains an authentication vulnerability. Information may be obtained or tampered with, and service operation may be interrupted (DoS). Samsung Pass is Samsung's secure and simple way to log in to websites and applications on mobile phones using biometric technology.

Trust: 2.16

sources: NVD: CVE-2021-25505 // JVNDB: JVNDB-2021-014603 // CNVD: CNVD-2025-02720

IOT TAXONOMY

category: ['IoT'], sub_category: -

Trust: 0.6

sources: CNVD: CNVD-2025-02720

AFFECTED PRODUCTS

vendor: samsung, model: pass, scope: lt, version: 3.0.02.4

Trust: 1.6

vendor: Samsung, model: samsung pass, scope: eq, version: -

Trust: 0.8

vendor: Samsung, model: samsung pass, scope: eq, version: 3.0.02.4

Trust: 0.8

sources: CNVD: CNVD-2025-02720 // JVNDB: JVNDB-2021-014603 // NVD: CVE-2021-25505

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2021-25505
value: HIGH

Trust: 1.0

mobile.security@samsung.com: CVE-2021-25505
value: LOW

Trust: 1.0

NVD: CVE-2021-25505
value: HIGH

Trust: 0.8

CNVD: CNVD-2025-02720
value: MEDIUM

Trust: 0.6

CNNVD: CNNVD-202111-477
value: HIGH

Trust: 0.6

nvd@nist.gov: CVE-2021-25505
severity: MEDIUM
baseScore: 6.8
vectorString: AV:N/AC:M/AU:N/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 8.6
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

CNVD: CNVD-2025-02720
severity: MEDIUM
baseScore: 6.8
vectorString: AV:N/AC:M/AU:N/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 8.6
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

nvd@nist.gov: CVE-2021-25505
baseSeverity: HIGH
baseScore: 7.8
vectorString: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
attackVector: LOCAL
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: REQUIRED
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 1.8
impactScore: 5.9
version: 3.1

Trust: 1.0

mobile.security@samsung.com: CVE-2021-25505
baseSeverity: LOW
baseScore: 3.3
vectorString: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N
attackVector: LOCAL
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: REQUIRED
scope: UNCHANGED
confidentialityImpact: LOW
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 1.8
impactScore: 1.4
version: 3.1

Trust: 1.0

NVD: CVE-2021-25505
baseSeverity: HIGH
baseScore: 7.8
vectorString: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
attackVector: LOCAL
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: REQUIRED
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: CNVD: CNVD-2025-02720 // JVNDB: JVNDB-2021-014603 // CNNVD: CNNVD-202111-477 // NVD: CVE-2021-25505 // NVD: CVE-2021-25505

PROBLEMTYPE DATA

problemtype:CWE-287

Trust: 1.0

problemtype: Improper authentication (CWE-287) [NVD evaluation]

Trust: 0.8

sources: JVNDB: JVNDB-2021-014603 // NVD: CVE-2021-25505

THREAT TYPE

local

Trust: 0.6

sources: CNNVD: CNNVD-202111-477

TYPE

authorization issue

Trust: 0.6

sources: CNNVD: CNNVD-202111-477

PATCH

title: Security Updates (NOV-2021 Updates), url: https://security.samsungmobile.com/serviceWeb.smsb?year=2021&month=11

Trust: 0.8

title: Patch for Samsung Pass Access Verification Error Vulnerability (CNVD-2025-02720), url: https://www.cnvd.org.cn/patchInfo/show/354701

Trust: 0.6

title: Remediation measures for Samsung Pass authorization problem vulnerabilities, url: http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=170037

Trust: 0.6

sources: CNVD: CNVD-2025-02720 // JVNDB: JVNDB-2021-014603 // CNNVD: CNNVD-202111-477

EXTERNAL IDS

db: NVD, id: CVE-2021-25505

Trust: 3.8

db: JVNDB, id: JVNDB-2021-014603

Trust: 0.8

db: CNVD, id: CNVD-2025-02720

Trust: 0.6

db: CNNVD, id: CNNVD-202111-477

Trust: 0.6

sources: CNVD: CNVD-2025-02720 // JVNDB: JVNDB-2021-014603 // CNNVD: CNNVD-202111-477 // NVD: CVE-2021-25505

REFERENCES

url:https://nvd.nist.gov/vuln/detail/cve-2021-25505

Trust: 2.0

url:https://security.samsungmobile.com/serviceweb.smsb?year=2021&month=11

Trust: 1.6

sources: CNVD: CNVD-2025-02720 // JVNDB: JVNDB-2021-014603 // CNNVD: CNNVD-202111-477 // NVD: CVE-2021-25505

SOURCES

db: CNVD, id: CNVD-2025-02720
db: JVNDB, id: JVNDB-2021-014603
db: CNNVD, id: CNNVD-202111-477
db: NVD, id: CVE-2021-25505

LAST UPDATE DATE

2025-02-14T23:02:13.751000+00:00


SOURCES UPDATE DATE

db: CNVD, id: CNVD-2025-02720, date: 2025-02-12T00:00:00
db: JVNDB, id: JVNDB-2021-014603, date: 2022-10-21T02:38:00
db: CNNVD, id: CNNVD-202111-477, date: 2021-11-17T00:00:00
db: NVD, id: CVE-2021-25505, date: 2021-11-08T19:33:29.290

SOURCES RELEASE DATE

db: CNVD, id: CNVD-2025-02720, date: 2025-02-11T00:00:00
db: JVNDB, id: JVNDB-2021-014603, date: 2022-10-21T00:00:00
db: CNNVD, id: CNNVD-202111-477, date: 2021-11-05T00:00:00
db: NVD, id: CVE-2021-25505, date: 2021-11-05T03:15:11.257