CVE-2025-21002: CWE-284: Improper Access Control in Samsung Mobile Devices (Samsung Mobile)

Severity: Medium
Tags: vulnerability, cve, cve-2025-21002, cwe-284
Published: Tue Jul 08 2025 (07/08/2025, 10:34:32 UTC)
Source: CVE Database V5
Vendor/Project: Samsung Mobile
Product: Samsung Mobile Devices

Description

Improper access control in LeAudioService prior to SMR Jul-2025 Release 1 allows local attackers to manipulate broadcasting Auracast.

AI-Powered Analysis

AILast updated: 07/08/2025, 11:00:11 UTC

Technical Analysis

CVE-2025-21002 is a medium-severity vulnerability in Samsung Mobile Devices affecting the LeAudioService component in firmware prior to the SMR (Security Maintenance Release) July 2025 Release 1. It is classified under CWE-284, Improper Access Control. The flaw allows local attackers (those with physical or logical access to the device but without prior privileges) to manipulate the broadcasting functionality of Auracast, the Bluetooth LE Audio broadcast feature.

The CVSS v3.1 base score is 6.2, a medium rating, with the vector AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N. This means the attack requires local access but no privileges or user interaction, has low attack complexity, and impacts integrity only, not confidentiality or availability.

Because the service does not adequately restrict who may control it, an attacker could alter broadcast parameters or content, potentially leading to misinformation, unauthorized audio injection, or disruption of intended Auracast broadcasts. Since Auracast is used for public or group audio streaming, manipulation could affect user experience, trust, and possibly safety if the feature is used in critical environments.

No exploits are currently reported in the wild. The record provides no patch links, although the description itself identifies SMR Jul-2025 Release 1 as the fixing release, so devices still on earlier firmware remain exposed. The vulnerability is limited to local attackers and requires no user interaction, which increases the risk in scenarios where devices are accessible to untrusted users or malicious insiders.

Potential Impact

For European organizations, the impact of CVE-2025-21002 depends largely on the deployment and use of Samsung Mobile Devices with Auracast functionality in their operational environments. Organizations using these devices for communication, public announcements, or collaborative audio streaming could face integrity risks where attackers manipulate broadcast content. This could lead to misinformation, disruption of communication channels, or damage to organizational reputation. Sectors such as public transportation, event management, healthcare, and corporate environments that leverage Auracast for group audio dissemination are particularly vulnerable. Although confidentiality and availability are not directly impacted, the integrity compromise can have cascading effects on operational trust and user safety. The local attack vector limits remote exploitation but raises concerns in environments with shared or accessible devices, such as offices, public kiosks, or shared workspaces. The absence of known exploits reduces immediate risk but does not eliminate the threat, especially once patches are available and attackers analyze the vulnerability for exploitation potential.

Mitigation Recommendations

1. Immediate mitigation involves restricting physical and logical access to Samsung Mobile Devices, especially those used in sensitive or public environments, to trusted personnel only.
2. Monitor for updates from Samsung Mobile and apply the SMR July 2025 Release 1, or a later security update, promptly as soon as it is available for the device model.
3. Implement device usage policies that limit the use of Auracast broadcasting features to authorized users and contexts.
4. Employ endpoint security solutions that can detect anomalous behavior related to Bluetooth broadcasting or unauthorized service manipulation.
5. Conduct regular security audits and access reviews on devices to ensure no unauthorized local access or tampering has occurred.
6. Educate users and administrators about the risks of local device access and the importance of securing mobile devices physically and logically.
7. For critical environments, consider disabling Auracast broadcasting features temporarily until patches are applied or alternative secure communication methods are established.

Technical Details

Data Version: 5.1
Assigner Short Name: SamsungMobile
Date Reserved: 2024-11-06T02:30:14.876Z
CVSS Version: 3.1
State: PUBLISHED

Threat ID: 686cf5636f40f0eb72f3f5d4

Added to database: 7/8/2025, 10:39:31 AM

Last enriched: 7/8/2025, 11:00:11 AM

Last updated: 8/4/2025, 6:19:52 PM
