Low severity3.3NVD Advisory· Published Aug 6, 2025· Updated Apr 15, 2026

CVE-2025-21023

Description

Improper access control in WcsExtension for Galaxy Watch prior to Android Watch 16 allows local attackers to access sensitive information.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Improper access control in WcsExtension for Galaxy Watch before Android Watch 16 allows local attackers to access sensitive information.

The vulnerability CVE-2025-21023 is an improper access control issue in the WcsExtension component of Samsung Galaxy Watch devices running software prior to Android Watch 16. The official description indicates that a local attacker can exploit this flaw to access sensitive information [1].

References

Samsung Mobile Security

AI Insight generated on May 19, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.

Affected products

Samsung Mobile/WcsExtensionllm-create
Range: < Android Watch 16

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

security.samsungmobile.com/serviceWeb.smsbnvd

News mentions

No linked articles in our index yet.

cvss	0.214
epss	0.000
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000