A race condition in MFC charger driver prior to SMR MAY-2021 Release 1 allows local attackers to bypass signature check given a radio privilege is compromised.
Conclusion & alert: CVE-2021-25395 is rated Active Exploitation (70/100): CVSS Medium severity, with low exploitation likelihood (EPSS 0.39%). Core evidence: CISA KEV confirms active exploitation (added 2023-06-29) affecting Samsung / Mobile Devices. a weakness (CWE-362) Unauthenticated remote administrative access may be possible. Mandatory action: The CISA remediation deadline has passed—treat as an emergency patch priority.
Risk is dynamic; we continuously reassess and refresh what is shown on this page as upstream context changes.
: Samsung Mobile Devices Race Condition Vulnerability · CISA KEV detail
: 2023-06-29
: 2023-07-20
: Apply updates per vendor instructions or discontinue use of the product if updates are unavailable
EPSS lead: Daily EPSS estimates relative likelihood of exploitation; percentile ranks this CVE among scored vulnerabilities (higher = more severe relative rank).
| # | Date | Old EPSS score | New EPSS score | Delta (New - Old) |
|---|---|---|---|---|
| 1 | 2026-06-15 | 0.17% | 0.39% | +0.21% |
| 2 | 2025-11-21 | 1.69% | 0.17% | -1.52% |
| 3 | 2025-11-18 | — | 1.69% | — |
Full EPSS history (16 records total)
CVSS metrics for this CVE.
| Base score | Version | Severity | Vector | Exploitability | Impact | Score source |
|---|---|---|---|---|---|---|
| 6.4 | 3.1 | MEDIUM |
|
0.5 | 5.9 | [email protected] |
| 6.4 | 3.1 | MEDIUM |
|
0.5 | 5.9 | [email protected] |
| 4.4 | 2.0 | MEDIUM |
|
3.4 | 6.4 | [email protected] |
| Vendor | Product | Version | Raw CPE |
|---|---|---|---|
| samsung | android | 8.1 | cpe:2.3:o:samsung:android:8.1:-:*:*:*:*:*:* |
| samsung | android | 9.0 | cpe:2.3:o:samsung:android:9.0:smr-apr-2021-r1:*:*:*:*:*:* |
| samsung | android | 9.0 | cpe:2.3:o:samsung:android:9.0:smr-feb-2021-r1:*:*:*:*:*:* |
| samsung | android | 9.0 | cpe:2.3:o:samsung:android:9.0:smr-jan-2021-r1:*:*:*:*:*:* |
| samsung | android | 9.0 | cpe:2.3:o:samsung:android:9.0:smr-mar-2021-r1:*:*:*:*:*:* |
| samsung | android | 10.0 | cpe:2.3:o:samsung:android:10.0:smr-apr-2021-r1:*:*:*:*:*:* |
| samsung | android | 10.0 | cpe:2.3:o:samsung:android:10.0:smr-feb-2021-r1:*:*:*:*:*:* |
| samsung | android | 10.0 | cpe:2.3:o:samsung:android:10.0:smr-jan-2021-r1:*:*:*:*:*:* |
| samsung | android | 11.0 | cpe:2.3:o:samsung:android:11.0:smr-apr-2021-r1:*:*:*:*:*:* |
| samsung | android | 11.0 | cpe:2.3:o:samsung:android:11.0:smr-feb-2021-r1:*:*:*:*:*:* |
| samsung | android | 11.0 | cpe:2.3:o:samsung:android:11.0:smr-jan-2021-r1:*:*:*:*:*:* |
| samsung | android | 11.0 | cpe:2.3:o:samsung:android:11.0:smr-jul-2021-r1:*:*:*:*:*:* |
| URL | Tags |
|---|---|
| https://security.samsungmobile.com/securityUpdate.smsb?year=2021&month=5 | Vendor Advisory |
| https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2021-25395 | US Government Resource |