CVE-2025-21025 — Vulnetix

CVE-2025-21025 PUBLISHED CVSS 5.099999904632568 MEDIUM

Improper access control in MARsExemptionManager prior to SMR Sep-2025 Release 1 allows local attackers to be excluded from background execution management.

EPSS 0.03% · 8.5th percentile

Risk Scores

CVSS 3.1

5.099999904632568

CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L

EPSS Score

0.03%

8.5th percentile

Affected Products

Vendor	Product	Versions
Samsung Mobile	Samsung Mobile Devices	*
samsung	android	13.0, 13.0, 13.0

Exploit Intelligence

CIRCL seen: CVE-2025-21025 (circl-sighting)
CIRCL seen: CVE-2025-21025 (circl-sighting)
https://security.samsungmobile.com/securityUpdate.smsb?year=2025&month=09 (circl)

Timeline

Sep 3, 2025 EPSS Score
Sep 3, 2025 CVE Published
Sep 3, 2025 PoC Published
Sep 3, 2025 PoC Published
Sep 11, 2025 EPSS Score
Sep 11, 2025 Coalition ESS Score
Sep 18, 2025 EPSS Score
Sep 26, 2025 EPSS Score
Oct 3, 2025 EPSS Score
Oct 3, 2025 Coalition ESS Score
Oct 6, 2025 Coalition ESS Score
Oct 11, 2025 EPSS Score

References

https://security.samsungmobile.com/securityUpdate.smsb?year=2025&month=09 url
https://nvd.nist.gov/vuln/detail/CVE-2025-21025 advisory

Open in Interactive Console →