CVE-2025-21028 — Vulnetix

CVE-2025-21028 PUBLISHED CVSS 5.5 MEDIUM

Improper privilege management in ThemeManager prior to SMR Sep-2025 Release 1 allows local privileged attackers to reuse trial items.

EPSS 0.03% · 7.8th percentile

Risk Scores

CVSS 3.1

5.5

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N

EPSS Score

0.03%

7.8th percentile

Affected Products

Vendor	Product	Versions
Samsung Mobile	Samsung Mobile Devices	SMR Sep-2025 Release in Android 15, 16
samsung	android	15.0, 15.0, 15.0

Exploit Intelligence

CIRCL seen: CVE-2025-21028 (circl-sighting)
CIRCL seen: CVE-2025-21028 (circl-sighting)
https://security.samsungmobile.com/securityUpdate.smsb?year=2025&month=09 (circl)

Timeline

Nov 6, 2024 CVE ID Reserved
Sep 3, 2025 EPSS Score
Sep 3, 2025 CVE Published
Sep 3, 2025 PoC Published
Sep 3, 2025 PoC Published
Sep 3, 2025 CVE Updated
Sep 11, 2025 EPSS Score
Sep 11, 2025 Coalition ESS Score
Sep 18, 2025 EPSS Score
Sep 26, 2025 EPSS Score
Oct 3, 2025 EPSS Score
Oct 3, 2025 Coalition ESS Score

References

Open in Interactive Console →

$ Console Community · 100/wk Open console ›