Pwn2Own Disclosure: Samsung Galaxy S25 Flaw in Samsung Members App Allows Open Redirect and Activity Hijacking
A vulnerability disclosed at Pwn2Own in the Samsung Members app on the Galaxy S25 allows remote attackers to redirect users to malicious sites and chain the flaw to launch arbitrary Android activities.

A security vulnerability in the Samsung Members application on the Samsung Galaxy S25, disclosed as part of the Pwn2Own hacking contest, allows remote attackers to bypass security protections and redirect users to malicious websites. The flaw, tracked as CVE-2025-21079, was reported by researchers Ken Gannon and Dimitrios Valsamaras and publicly detailed by the Zero Day Initiative on March 16, 2026.
The vulnerability is an open redirect issue that does not require authentication to exploit. The specific flaw exists within the Samsung Members app, an application pre-installed on Samsung devices. By forcing a redirection to a site that serves malicious content, an attacker can leverage this flaw in conjunction with other vulnerabilities to start arbitrary exported Android activities, leading to further compromise of the device.
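The advisory does not publish the vulnerable code, so the following is an added, generic illustration (not Samsung's code or the actual fix) of the kind of check that prevents an open redirect in a redirect or "next URL" parameter. The allowlisted host names are hypothetical, as are the sample inputs; the point is that a safe validator must reject the usual bypasses (scheme-relative URLs, userinfo tricks, lookalike hosts, backslash confusion) and non-web schemes such as intent: that a WebView or browser could otherwise use to reach exported Android components.

```python
from urllib.parse import urlsplit

# Hypothetical allowlist of hosts that a redirect parameter may point to.
ALLOWED_HOSTS = {"members.samsung.example", "www.samsung.example"}
# Hypothetical landing page used whenever the requested target is rejected.
DEFAULT_LANDING = "https://members.samsung.example/"


def is_safe_redirect(target, allowed_hosts=ALLOWED_HOSTS):
    """Return True only if target is an absolute https URL whose host is allowlisted.

    Rejects: empty/oversized input, control characters (parser differentials),
    backslashes (browsers treat them as slashes, urlsplit does not),
    scheme-relative "//evil", non-https schemes (http, javascript:, intent:),
    userinfo tricks ("https://good@evil"), and lookalike hosts ("good.evil").
    """
    if not isinstance(target, str) or not target or len(target) > 2048:
        return False
    if any(ord(c) < 0x21 or ord(c) == 0x7F for c in target):
        return False
    if "\\" in target:
        return False
    try:
        parts = urlsplit(target)
    except ValueError:
        return False
    if parts.scheme != "https":          # urlsplit lowercases the scheme
        return False
    if parts.username is not None or parts.password is not None:
        return False
    host = parts.hostname                 # lowercased, port and brackets stripped
    if not host:
        return False
    return host in allowed_hosts


def resolve_redirect(target, default=DEFAULT_LANDING):
    """Return the requested target if it passes validation, else the default page."""
    return target if is_safe_redirect(target) else default


# Constructed sample inputs covering the common bypass patterns.
SAMPLES = {
    "https://members.samsung.example/support?id=1": True,
    "https://MEMBERS.samsung.example:443/": True,
    "http://members.samsung.example/": False,
    "//evil.example/": False,
    "https://members.samsung.example@evil.example/": False,
    "https://members.samsung.example.evil.example/": False,
    "https:\\\\evil.example": False,
    "intent://scan/#Intent;scheme=zxing;end": False,
    "javascript:alert(1)": False,
    "https://evil.example/?next=https://members.samsung.example/": False,
    "": False,
}


def check_samples(samples=SAMPLES):
    """Return the list of inputs whose verdict differs from the expected one."""
    return [u for u, expected in samples.items() if is_safe_redirect(u) != expected]


if __name__ == "__main__":
    for url, expected in SAMPLES.items():
        print(f"{'ALLOW' if is_safe_redirect(url) else 'DENY ':5} {url!r}")
    assert not check_samples()
```

Validation is done on the parsed host only, never on a substring or prefix match of the raw string, which is how most open redirects get through; anything that fails is replaced with a fixed landing page rather than echoed back.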
Samsung has already issued a security update correcting the vulnerability as part of the November 2025 security maintenance release. Users are strongly advised to apply the update immediately to mitigate the risk. The advisory notes that the vulnerability was reported to Samsung on November 18, 2025, and that the coordinated public release of the advisory occurred on March 16, 2026.
The vulnerability was demonstrated at the Pwn2Own contest, where researchers earn significant bounties for discovering and responsibly disclosing zero-day flaws. The Samsung Galaxy S25 and the Samsung Members app are the affected products, and the flaw has a CVSS score of 5.0, a medium severity rating, but with potential for significant impact when chained with other exploits.
This disclosure highlights the ongoing risks associated with pre-installed applications on mobile devices, which often hold broad permissions and expose components that can be used as an attack vector. Users should ensure their devices are running the latest firmware and security patches to protect against such vulnerabilities.