CVE-2025-21013
Description
Improper access control in SemSensorManager for Galaxy Watch prior to SMR Aug-2025 Release 1 allows local attackers to access sensitive information related to outdoor exercise and sleep time.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Improper access control in SemSensorManager for Galaxy Watch prior to SMR Aug-2025 Release 1 lets local attackers access sensitive health data.
Vulnerability Overview
Improper access control in SemSensorManager for Galaxy Watch prior to SMR Aug-2025 Release 1 allows local attackers to access sensitive information related to outdoor exercise and sleep time [1]. The root cause is missing or insufficient permission checks in the sensor manager component, enabling unauthorized read access to health-related telemetry.
Attack Vector & Prerequisites
The attacker requires local access to the affected Galaxy Watch device (physical or paired Bluetooth). No elevated privileges or user interaction is needed beyond the initial access. The vulnerability can be exploited by a malicious app installed on the watch or through other local means [1].
Impact
A successful exploit allows the attacker to retrieve data such as outdoor exercise records, sleep duration, and related metrics. This represents a privacy violation, as the sensor data is intended to be protected from untrusted applications [1].
Mitigation
Samsung has addressed this issue in the SMR Aug-2025 Release 1 security update. Users are advised to update their Galaxy Watch firmware to the latest version available through Samsung Mobile Security [1].
AI Insight generated on May 19, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
Affected products (1)
- Range: < SMR Aug-2025 Release 1
Patches (0)
No patches discovered yet.
References (1)
News mentions (0)
No linked articles in our index yet.