CVE-2021-25364: 
NixOS vulnerability analysis and mitigation

A pendingIntent hijacking vulnerability was discovered in Samsung's Secure Folder application prior to SMR APR-2021 Release 1. The vulnerability was assigned CVE-2021-25364 and was first recorded on January 19, 2021. This security flaw affects Samsung mobile devices running the Secure Folder application (CVE Details, NVD).

The vulnerability has been assigned a CVSS v3.1 Base Score of 3.3 (LOW) by NIST with vector string CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N, while Samsung Mobile assessed it with a Base Score of 4.0 (MEDIUM) with vector string CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N. The vulnerability is classified under CWE-668 (Exposure of Resource to Wrong Sphere) and CWE-200 (Exposure of Sensitive Information to an Unauthorized Actor) (NVD).

The vulnerability allows unprivileged applications to access contact information stored in the Secure Folder, potentially compromising user privacy and data confidentiality (CVE Details).

Samsung addressed this vulnerability in the SMR APR-2021 Release 1 security update. Users are advised to update their devices to this version or later to protect against this vulnerability (Samsung Mobile).