CVE-2021-25376

Vulnerability

Samsung Email versions prior to 6.1.41.0 contain an improper synchronization logic that causes plain-text leakage of mailbox messages when a STARTTLS negotiation fails. The bug resides in the email client's TLS handling code, which fails to maintain state consistency during unsuccessful encryption upgrades, sending data over a cleartext connection instead of aborting.

Exploitation

An attacker on the same network (man-in-the-middle position) can force a STARTTLS negotiation failure, for example by interfering with the TLS handshake or by blocking the upgrade response. No prior authentication or user interaction beyond normal email sync operations is required; the vulnerable code path is automatically triggered when the client attempts to secure the connection and encounters the failure.

Impact

Successful exploitation results in the disclosure of email message bodies, headers, and potentially attachments in plain text over the network. This compromises the confidentiality of all mailbox data synchronized during the affected session and may expose sensitive information to the attacker.

Mitigation

The vulnerability is fixed in Samsung Email version 6.1.41.0 and later [1]. Users should update their email client through the Galaxy Store or standard update mechanism. No workarounds are documented; if the update cannot be applied, encrypting network traffic at a higher layer (e.g., VPN) can reduce exposure.