CVE-2025-21030 — Vulnetix

CVE-2025-21030 PUBLISHED CVSS 4.300000190734863 MEDIUM

Improper handling of insufficient permission in AppPrelaunchManagerService prior to SMR Sep-2025 Release 1 in Chinese Android 15 allows local attackers to execute arbitrary application in the background.

EPSS 0.03% · 8.9th percentile

Risk Scores

CVSS 3.1

4.300000190734863

CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L

EPSS Score

0.03%

8.9th percentile

Affected Products

Vendor	Product	Versions
Samsung Mobile	Samsung Mobile Devices	SMR Sep-2025 Release in Chinese Android 15, 16

Exploit Intelligence

CIRCL seen: CVE-2025-21030 (circl-sighting)
CIRCL seen: CVE-2025-21030 (circl-sighting)
https://security.samsungmobile.com/securityUpdate.smsb?year=2025&month=09 (circl)

Timeline

Nov 6, 2024 CVE ID Reserved
Sep 3, 2025 EPSS Score
Sep 3, 2025 CVE Published
Sep 3, 2025 PoC Published
Sep 3, 2025 PoC Published
Sep 3, 2025 CVE Updated
Sep 11, 2025 EPSS Score
Sep 18, 2025 EPSS Score
Sep 26, 2025 EPSS Score
Oct 3, 2025 EPSS Score
Oct 3, 2025 Coalition ESS Score
Oct 6, 2025 Coalition ESS Score

References

https://security.samsungmobile.com/securityUpdate.smsb?year=2025&month=09 url

Open in Interactive Console →