Critical Vulnerability Information October 2025 Update

CVE-2024-1512/CVE-2025-21070/CVE-2025-21069/CVE-2025-21068/CVE-2025-21067/CVE-2025-21066
- Severity: Medium
- Fixed Version: 4.4.30.03
- Description: In Samsung Notes, allows local attackers to read and write out-of-bounds memory.
- Fix: Added proper validation.

SVE-2025-0331/CVE-2025-21057
- Severity: Medium
- Fixed Version: 4.4.40.03
- Description: Samsung Notes uses implicit intents for sensitive communication, allowing local attackers to access shared notes.
- Fix: Added access control.

SVE-2025-0687/CVE-2025-21058
- Severity: Medium
- Fixed Version: 4.8.71 on Android 15 and 4.9.6.0 on Android 16
- Description: Improper access control in Routines allows local attackers to execute arbitrary code.
- Fix: Added appropriate logic.

SVE-2025-0798/CVE-2025-21059
- Severity: Medium
- Fixed Version: 6.20.1.010
- Description: Improper authorization in Samsung Health allows local attackers to access data.
- Fix: Added access control logic.

SVE-2025-0837/CVE-2025-21060
- Severity: High
- Fixed Version: 5.7.67.2
- Description: Smart Switch stores sensitive information in plaintext, allowing local attackers to access backup data.
- Fix: Requires user interaction to trigger the vulnerability.

SVE-2025-0838/CVE-2025-21061
- Severity: High
- Fixed Version: 5.6.6.2
- Description: Smart Switch stores sensitive information in plaintext, allowing local attackers to access sensitive data.
- Fix: Added appropriate encryption algorithms.

SVE-2025-1302/CVE-2025-21063
- Severity: Medium
- Fixed Version: 21.5.73.12 on Android 15 and 21.5.81.40 on Android 16
- Description: Improper access control in Samsung Voice Recorder allows physical attackers to access recorded files on the lock screen.
- Fix: Added appropriate security controls.

SVE-2025-1483/CVE-2025-21064
- Severity: High
- Fixed Version: 5.7.66.6
- Description: Improper authentication in Smart Switch allows adjacent attackers to access transmitted data.
- Fix: Added proper authentication.

SVE-2025-1770/CVE-2025-21065
- Severity: High
- Fixed Version: 5.59.11
- Description: Improper input validation in Retail Mode allows self-attackers to execute privileged commands on their own device.
- Fix: Removed unnecessary code.