Unrated severityNVD Advisory· Published Nov 5, 2025· Updated Nov 5, 2025

CVE-2025-21079

Description

Improper input validation in Samsung Members prior to version 5.5.01.3 allows remote attackers to connect arbitrary URL and launch arbitrary activity with Samsung Members privilege. User interaction is required for triggering this vulnerability.

Affected products

WordPress/Membersllm-fuzzy
Range: <5.5.01.3
Package: https://wordpress.org/plugins/members
Samsung Mobile/Samsung Membersv5
Range: 5.5.01.3

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

security.samsungmobile.com/serviceWeb.smsbmitre

News mentions

ZDI-26-209: (Pwn2Own) Samsung Galaxy S25 Samsung Members Open Redirect Security Bypass Vulnerability
Zero Day Initiative · Mar 16, 2026
ZDI-26-210: (Pwn2Own) Samsung Galaxy S25 Samsung Members Security Feature Bypass Vulnerability
Zero Day Initiative · Mar 16, 2026

cvss	0.000
epss	0.000
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000