CVE-2025-21019: 
NixOS vulnerability analysis and mitigation

Improper authorization in Samsung Health prior to version 6.30.1.003 was discovered, allowing local attackers to access data in Samsung Health. The vulnerability was reported on December 7, 2024, and was assigned CVE-2025-21019. The vulnerability affects Samsung Health application versions prior to 6.30.1.003 and requires user interaction for exploitation (Samsung Mobile).

The vulnerability has been classified as a moderate severity issue with a CVSS v3.1 base score of 5.5 MEDIUM (Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N). The vulnerability stems from improper authorization verification logic in the Samsung Health application (Samsung Mobile).

When successfully exploited, this vulnerability allows local attackers to access data stored within Samsung Health. The impact is limited to data confidentiality, with no direct impact on system integrity or availability. User interaction is required for the vulnerability to be exploited (Samsung Mobile).

Samsung has addressed this vulnerability by adding proper authorization verification logic in version 6.30.1.003 of Samsung Health. Users are advised to update their Samsung Health application to this version or later to mitigate the vulnerability (Samsung Mobile).