CVEs-PoC/2021/CVE-2021-25381.md

### [CVE-2021-25381](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-25381)
![](https://img.shields.io/static/v1?label=Product&message=Samsung%20Account&color=blue)
![](https://img.shields.io/static/v1?label=Version&message=Android%20P(9.0)%20and%20below%20&color=brightgreen)
![](https://img.shields.io/static/v1?label=Version&message=Android%20Q(10.0)%20and%20above%20&color=brightgreen)
![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-285%20Improper%20Authorization&color=brightgreen)

### Description

Using unsafe PendingIntent in Samsung Account in versions 10.8.0.4 in Android P(9.0) and below, and 12.1.1.3 in Android Q(10.0) and above allows local attackers to perform unauthorized action without permission via hijacking the PendingIntent.

### POC

#### Reference
- https://security.samsungmobile.com/serviceWeb.smsb

#### Github
No PoCs found on GitHub currently.