CVE-2025-21016_CVE-2025-21016

4.3 / 10

MEDIUM

CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L

Description

Improper access control in PkgPredictorService prior to SMR Aug-2025 Release 1 in Chinese Android 13, 14, 15 and 16 allows local attackers to use the privileged APIs.

AI Analysis

A vulnerability in Samsung's PkgPredictorService allows local attackers to access privileged APIs due to improper access controls in specific Android versions.

Basic Information

ID CVE-2025-21016

Source SamsungMobile

Published Aug 6, 2025 at 04:23

Modified Aug 6, 2025 at 13:43

Affected Product

Vendor Samsung Mobile

Product Samsung Mobile Devices

Version SMR Aug-2025 Release in Chinese Android 13, 14, 15, 16

AI Assessment

AI Severity Medium

Vendor Samsung Electronics

Product Samsung Mobile Devices

Version Android 13, Android 14, Android 15, Android 16

References

security.samsungmobile.com /securityUpdate.smsb

{
    "lastseen": "",
    "description": "Improper access control in PkgPredictorService prior to SMR Aug-2025 Release 1 in Chinese Android 13, 14, 15 and 16 allows local attackers to use the privileged APIs.",
    "published": "2025-08-06T04:23:31.372Z",
    "modified": "2025-08-06T13:43:48.240Z",
    "type": "cve",
    "title": "CVE-2025-21016",
    "source": "SamsungMobile",
    "references": "https://security.samsungmobile.com/securityUpdate.smsb?year=2025&month=08",
    "id": "CVE-2025-21016",
    "bulletinFamily": "",
    "cwe": null,
    "cvelist": null,
    "sourceData": "",
    "sourceHref": "",
    "cvss": {
        "score": 4.3,
        "severity": "MEDIUM",
        "vector": "CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L",
        "version": "3.1"
    },
    "cvss2": [],
    "cvss3": {
        "version": "",
        "vectorString": "",
        "baseScore": 0,
        "baseSeverity": "",
        "attackVector": "",
        "attackComplexity": "",
        "privilegesRequired": "",
        "userInteraction": "",
        "scope": "",
        "confidentialityImpact": "",
        "integrityImpact": "",
        "availabilityImpact": "",
        "cvssV3": {
            "version": "",
            "vectorString": "",
            "baseScore": 0,
            "baseSeverity": "",
            "attackVector": "",
            "attackComplexity": "",
            "privilegesRequired": "",
            "userInteraction": "",
            "scope": "",
            "confidentialityImpact": "",
            "integrityImpact": "",
            "availabilityImpact": ""
        }
    },
    "href": "",
    "category_name": "CVE",
    "post_link": "",
    "product": "Samsung Mobile Devices",
    "version": "SMR Aug-2025 Release in Chinese Android 13, 14, 15, 16",
    "vendor": "Samsung Mobile",
    "ai_description": "A vulnerability in Samsung's PkgPredictorService allows local attackers to access privileged APIs due to improper access controls in specific Android versions.",
    "ai_severity": "Medium",
    "ai_vendor": "Samsung Electronics",
    "ai_product": "Samsung Mobile Devices",
    "ai_version": "Android 13, Android 14, Android 15, Android 16",
    "ai_score": 0
}