CVE-2021-25525

Description

Improper check or handling of exception conditions vulnerability in Samsung Pay (US only) prior to version 4.0.65 allows attacker to use NFC without user recognition.

CVSS breakdown

CVSS 3.1

Attack Vector

Physical

Attack Complexity

Low

Privileges Required

High

User Interaction

Required

Scope

Changed

Confidentiality

None

Integrity

None

Availability

Low

Affected products

Samsung Mobile / Samsung Pay4.0.65

References

MISChttps://security.samsungmobile.com/serviceWeb.smsb?year=2021&month=12