
CVE-2025-21004: CWE-284 Improper Access Control in Samsung Mobile Samsung Mobile Devices

Severity: Medium
Tags: Vulnerability, CVE-2025-21004, CWE-284
Published: Tue Jul 08 2025 (07/08/2025, 10:34:34 UTC)
Source: CVE Database V5
Vendor/Project: Samsung Mobile
Product: Samsung Mobile Devices

Description

Improper verification of intent by broadcast receiver in System UI for Galaxy Watch prior to SMR Jul-2025 Release 1 allows local attackers to power off the device.

AI-Powered Analysis

Last updated: 07/08/2025, 10:59:38 UTC

Technical Analysis

CVE-2025-21004 is a vulnerability identified in Samsung Mobile Devices, specifically affecting the System UI component of Galaxy Watch devices prior to the SMR (Security Maintenance Release) July 2025 Release 1. The root cause is an improper verification of intent by a broadcast receiver, which is a component responsible for handling asynchronous messages or intents within the Android operating system. This improper access control (CWE-284) flaw allows a local attacker to send crafted intents to the System UI broadcast receiver without proper validation, enabling them to power off the device unexpectedly. The vulnerability does not require any user interaction or privileges (no authentication needed), and the attack vector is local, meaning the attacker must have local access to the device, either physically or via a local app or process. The CVSS v3.1 base score is 6.2, indicating a medium severity level, with the impact focused solely on availability (device shutdown), and no impact on confidentiality or integrity. There are no known exploits in the wild at the time of publication, and no patches or mitigation links have been provided yet. This vulnerability could be exploited to cause denial of service by forcing the device to power off, potentially disrupting critical functionalities of the Galaxy Watch, such as health monitoring, notifications, or communication features.
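The advisory describes the bug class but not Samsung's code, so the following is an added illustration, not System UI source: a receiver that performs a privileged action (here, a power-off request) written the way a defender would want it, with the action string checked explicitly and delivery gated by a signature-level permission. The action name, permission name and the `onPowerOff` callback are hypothetical placeholders.

```java
// Added example (not Samsung's or AOSP's code). Shows the two controls that an
// intent-handling receiver for a privileged action should have: a permission
// required of the sender, and explicit validation of what was delivered.
import android.content.BroadcastReceiver;
import android.content.Context;
import android.content.Intent;
import android.content.IntentFilter;
import android.util.Log;

public class PowerControlReceiver extends BroadcastReceiver {
    private static final String TAG = "PowerControlReceiver";
    // Hypothetical action. A system component would additionally declare it as a
    // <protected-broadcast> in its manifest so non-system apps cannot send it at all.
    static final String ACTION_REQUEST_POWER_OFF = "com.example.sysui.REQUEST_POWER_OFF";
    // Hypothetical permission declared with protectionLevel="signature", so only
    // apps signed with the same (platform) key can be granted it.
    static final String PERMISSION_CONTROL_POWER = "com.example.sysui.permission.CONTROL_POWER";

    private final Runnable onPowerOff; // hypothetical hook for the real shutdown path

    public PowerControlReceiver(Runnable onPowerOff) {
        this.onPowerOff = onPowerOff;
    }

    @Override
    public void onReceive(Context context, Intent intent) {
        // Weak pattern: act on whatever arrives. Hardened pattern: only the
        // expected action is honoured; anything else is logged and dropped.
        String action = intent == null ? null : intent.getAction();
        if (!ACTION_REQUEST_POWER_OFF.equals(action)) {
            Log.w(TAG, "Dropping unexpected broadcast: " + action);
            return;
        }
        // Extras are sender-controlled input: read with explicit defaults, never trust them.
        if (!intent.getBooleanExtra("confirmed", false)) {
            return;
        }
        onPowerOff.run();
    }

    /** Registers the receiver so that only senders holding PERMISSION_CONTROL_POWER reach it. */
    public static PowerControlReceiver register(Context context, Runnable onPowerOff) {
        PowerControlReceiver receiver = new PowerControlReceiver(onPowerOff);
        IntentFilter filter = new IntentFilter(ACTION_REQUEST_POWER_OFF);
        // Exported so other system processes can signal it, but gated by the signature
        // permission; an unprivileged local app cannot satisfy that check.
        context.registerReceiver(receiver, filter, PERMISSION_CONTROL_POWER, null,
                Context.RECEIVER_EXPORTED);
        return receiver;
    }
}
```

The five-argument `registerReceiver` overload and the `RECEIVER_EXPORTED` flag are the API 26 / API 33 forms; a receiver that only needs same-app senders should use `RECEIVER_NOT_EXPORTED` instead, which closes the path from other apps entirely.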

Potential Impact

For European organizations, especially those relying on Samsung Galaxy Watch devices for employee health monitoring, communication, or operational purposes, this vulnerability poses a risk of service disruption. The ability of a local attacker to power off the device could lead to denial of service scenarios, affecting workforce productivity or critical health data collection. In sectors such as healthcare, manufacturing, or logistics where wearable devices are integrated into workflows, unexpected device shutdowns could impair real-time monitoring or alerting capabilities. Although the attack requires local access, insider threats or malicious apps installed on the device could exploit this flaw. The lack of impact on confidentiality and integrity limits the risk of data breaches or manipulation, but availability disruption can still have operational consequences. Given the growing adoption of wearable technology in European enterprises, this vulnerability could affect business continuity and employee safety monitoring if not addressed promptly.

Mitigation Recommendations

To mitigate this vulnerability, European organizations should:

1) Ensure all Samsung Galaxy Watch devices are updated to the SMR July 2025 Release 1 or later, as this release addresses the improper intent verification issue.
2) Restrict local access to devices by enforcing strong device usage policies, including limiting installation of untrusted applications and controlling physical access to devices.
3) Monitor device behavior for unexpected shutdowns or abnormal broadcasts that could indicate exploitation attempts.
4) Educate users about the risks of installing unauthorized apps or granting excessive permissions that could facilitate local attacks.
5) Employ Mobile Device Management (MDM) solutions to enforce security policies, manage updates, and detect anomalies on wearable devices.
6) Coordinate with Samsung support channels for timely patch deployment and vulnerability advisories.

Since no patches were linked at the time of disclosure, organizations should prioritize updates as soon as they become available.


Technical Details

Data Version: 5.1
Assigner Short Name: SamsungMobile
Date Reserved: 2024-11-06T02:30:14.877Z
CVSS Version: 3.1
State: PUBLISHED

Threat ID: 686cf5636f40f0eb72f3f5da

Added to database: 7/8/2025, 10:39:31 AM

Last enriched: 7/8/2025, 10:59:38 AM

Last updated: 8/5/2025, 6:28:54 PM
