CVE-2021-25391: 
NixOS vulnerability analysis and mitigation

Intent redirection vulnerability in Secure Folder prior to SMR MAY-2021 Release 1 allows attackers to execute privileged action. The vulnerability, identified as CVE-2021-25391, was discovered and reported by Sergey Toshin of Oversecured Inc. The issue affects Samsung mobile devices running Android 11.0 and was disclosed in June 2021 (Oversecured Blog, NVD).

The vulnerability has been assigned a CVSS v3.1 Base Score of 4.0 (Medium) with the following vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N. This indicates that the vulnerability requires local access, has low attack complexity, requires no privileges, and needs no user interaction. The impact primarily affects confidentiality with low severity (NVD).

The vulnerability could allow attackers to gain access to arbitrary content providers, potentially exposing sensitive information. The successful exploitation of this vulnerability resulted in a bug bounty reward of $1050, indicating its significant security implications (Oversecured Blog).

Samsung addressed this vulnerability in the SMR MAY-2021 Release 1 security update. Users are advised to update their devices to this version or later to protect against this vulnerability (Samsung Mobile Security).