This vulnerability (CVE-2026-21025) affects Samsung Mobile Devices and is classified under CWE-269 for improper privilege management. Specifically, incorrect privilege assignment in the Telephony subsystem before the SMR June 2026 Release 1 allows local attackers to gain unauthorized access to sensitive information. The CVSS 4.0 vector indicates the attack requires local access with low complexity and no user interaction, but no privileges are required initially. The vulnerability does not affect confidentiality, integrity, or availability directly but impacts the value of sensitive information accessible to the attacker. No patch or official remediation level has been published by Samsung Mobile as of the data provided.

Local attackers can exploit this vulnerability to access sensitive information on affected Samsung Mobile Devices due to incorrect privilege assignment in the Telephony component. The impact is limited to information disclosure without direct impact on system integrity or availability. There are no known exploits in the wild, and the vulnerability requires local access to the device.

Patch status is not yet confirmed — check the vendor advisory for current remediation guidance. Since no official patch or remediation level is provided, users and administrators should monitor Samsung Mobile advisories for updates. Until a fix is available, restricting local access to devices and limiting untrusted applications may reduce risk.