Critical Vulnerability Information SMR-AUG-2025 CVE-2024-22631 (CVE-2025-21010): Improper Permission Management Severity: Medium Affected Versions: Android 15, 14, 15, 16 Report Date: December 3, 2024 Disclosure Status: Private Disclosure Description: Prior to SMR Aug. 2025 Release 1, a local attacker could disable the Samsung account in SamsungAccount. This patch adds proper permission management. CVE-2025-0091 (CVE-2025-21016): Improper Access Control in PkgPredictorService Severity: Medium Affected Versions: Chinese Android 13, 14, 15, 16 Report Date: January 7, 2025 Disclosure Status: Private Disclosure Description: Prior to SMR Aug. 2025 Release 1, a local attacker could exploit the NightVisionService. This patch adds proper access control. CVE-2025-0279 (CVE-2025-20990): Improper Access Control for Accessing System Device Nodes Severity: Medium Affected Versions: Android 15, 14, 15 Report Date: February 17, 2025 Disclosure Status: Private Disclosure Description: Prior to SMR Aug. 2025 Release 1, a local attacker could access device identifiers. This patch adds proper access control. CVE-2025-0416 (CVE-2025-21011): Improper Access Control in SemSensorService on Galaxy Watch Severity: Medium Affected Versions: Android Watch 16 Report Date: March 14, 2025 Disclosure Status: Private Disclosure Description: Prior to SMR Aug. 2025 Release 1, a local attacker could access sensitive information related to motion and body sensors in SemSensorService for Galaxy Watch. This patch adds proper access control. CVE-2025-0438 (CVE-2025-21012): Improper Access Control in Fall Detection on Galaxy Watch Severity: Medium Affected Versions: Android Watch 16 Report Date: March 19, 2025 Disclosure Status: Private Disclosure Description: Prior to SMR Aug. 2025 Release 1, a local attacker could modify fall detection configuration in the fall detection connection. This patch adds proper access control. CVE-2025-0433 (CVE-2025-21013): Improper Access Control in SomSensorManager on Galaxy Watch Severity: Medium Affected Versions: Android Watch 16 Report Date: March 24, 2025 Disclosure Status: Private Disclosure Description: Prior to SMR Aug. 2025 Release 1, a local attacker could access sensitive information related to motion and sleep in SomSensorManager for Galaxy Watch. This patch adds proper access control. CVE-2025-0568 (CVE-2025-21014): Improper Export of Android Application Component in Emergency SoS Severity: Medium Affected Versions: Android 15, 14, 14, 16 Report Date: April 10, 2025 Disclosure Status: Private Disclosure Description: Prior to SMR Aug. 2025 Release 1, a local attacker could access sensitive information in Emergency SoS. This patch adds proper permissions. CVE-2025-0698 (CVE-2025-21015): Path Traversal in Document Scanner Severity: Medium Affected Versions: Android 15, 16 Report Date: April 28, 2025 Disclosure Status: Private Disclosure Description: Prior to SMR Aug. 2025 Release 1, a local attacker could delete files in the document scanner. This patch adds proper input validation.