CVE-2025-21073: 
NixOS vulnerability analysis and mitigation

CVE-2025-21073 is a security vulnerability discovered in Samsung mobile devices' USB connection mode prior to SMR Nov-2025 Release 1. The vulnerability was reported on April 16, 2025, and affects Android versions 13, 14, 15, and 16. It allows privileged physical attackers to access user data when specific user interaction conditions are met (Samsung Mobile).

The vulnerability has been assigned a CVSS v3.1 base score of 4.1 (MEDIUM) by NIST with the vector string CVSS:3.1/AV:P/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:N. Samsung Mobile's assessment differs slightly, rating it at 6.8 (MEDIUM) with the vector string CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N. The vulnerability stems from an insecure default configuration in the USB connection mode (NVD).

When successfully exploited, this vulnerability allows privileged physical attackers to gain unauthorized access to user data stored on the device. The impact is primarily focused on data confidentiality, with high potential for data exposure when the vulnerability is successfully exploited (Samsung Mobile).

Samsung has addressed this vulnerability by changing the default USB connection mode in the SMR Nov-2025 Release 1 security update. Users are advised to update their devices to this version or later to protect against potential exploitation (Samsung Mobile).