Details of VAR-202509-1283

ID

VAR-202509-1283

CVE

CVE-2025-21035

TITLE

Samsung's calendar Vulnerability in

Trust: 0.8

sources: JVNDB: JVNDB-2025-015211

DESCRIPTION

Improper access control in Samsung Calendar prior to version 12.5.06.5 in Android 14 and 12.6.01.12 in Android 15 allows physical attackers to access data across multiple user profiles. Samsung's calendar Exists in unspecified vulnerabilities.Information may be obtained

Trust: 1.62

sources: NVD: CVE-2025-21035 // JVNDB: JVNDB-2025-015211

AFFECTED PRODUCTS

vendor:	samsung	model:	calendar	scope:	lt	version:	12.6.01.12	Trust: 1.0
vendor:	samsung	model:	calendar	scope:	lt	version:	12.5.06.5	Trust: 1.0
vendor:	サムスン	model:	calendar	scope:	eq	version:	-	Trust: 0.8
vendor:	サムスン	model:	calendar	scope:	eq	version:	12.6.01.12	Trust: 0.8
vendor:	サムスン	model:	calendar	scope:	eq	version:	12.5.06.5	Trust: 0.8
vendor:	サムスン	model:	calendar	scope:	-	version:	-	Trust: 0.8

sources: JVNDB: JVNDB-2025-015211 // NVD: CVE-2025-21035

CVSS

SEVERITY

CVSSV2

CVSSV3

mobile.security@samsung.com:	CVE-2025-21035
value:	MEDIUM
Trust: 1.0
OTHER:	JVNDB-2025-015211
value:	MEDIUM
Trust: 0.8

mobile.security@samsung.com:	CVE-2025-21035
baseSeverity:	MEDIUM
baseScore:	4.6
vectorString:	CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
attackVector:	PHYSICAL
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	0.9
impactScore:	3.6
version:	3.1
Trust: 1.0
OTHER:	JVNDB-2025-015211
baseSeverity:	MEDIUM
baseScore:	4.6
vectorString:	CVSS:3.0/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
attackVector:	PHYSICAL
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	NONE
impactScore:	NONE
version:	3.0
Trust: 0.8

sources: JVNDB: JVNDB-2025-015211 // NVD: CVE-2025-21035

PROBLEMTYPE DATA

problemtype:	NVD-CWE-noinfo	Trust: 1.0
problemtype:	Lack of information (CWE-noinfo) [NVD evaluation ]	Trust: 0.8

sources: JVNDB: JVNDB-2025-015211 // NVD: CVE-2025-21035

EXTERNAL IDS

db:	NVD	id:	CVE-2025-21035	Trust: 2.6
db:	JVNDB	id:	JVNDB-2025-015211	Trust: 0.8

sources: JVNDB: JVNDB-2025-015211 // NVD: CVE-2025-21035

REFERENCES

url:	https://security.samsungmobile.com/serviceweb.smsb?year=2025&month=09	Trust: 1.8
url:	https://nvd.nist.gov/vuln/detail/cve-2025-21035	Trust: 0.8

sources: JVNDB: JVNDB-2025-015211 // NVD: CVE-2025-21035

SOURCES

db:	JVNDB	id:	JVNDB-2025-015211
db:	NVD	id:	CVE-2025-21035

LAST UPDATE DATE

2025-10-10T23:32:58.553000+00:00

SOURCES UPDATE DATE

db:	JVNDB	id:	JVNDB-2025-015211	date:	2025-10-07T02:29:00
db:	NVD	id:	CVE-2025-21035	date:	2025-09-29T18:23:48.250

SOURCES RELEASE DATE

db:	JVNDB	id:	JVNDB-2025-015211	date:	2025-10-07T00:00:00
db:	NVD	id:	CVE-2025-21035	date:	2025-09-03T06:15:48.550