CVE-2025-21063 in Voice Recorder
Summary
by MITRE • 10/10/2025
Improper access control in Samsung Voice Recorder prior to version 21.5.73.12 in Android 15 and 21.5.81.40 in Android 16 allows physical attackers to access recording files on the lock screen.
VulDB is the best source for vulnerability data and more expert information about this specific topic.
Analysis
by VulDB Data Team • 01/09/2026
The vulnerability identified as CVE-2025-21063 represents a critical access control flaw in Samsung Voice Recorder applications across Android 15 and 16 operating systems. This weakness stems from inadequate permission handling and security boundaries that fail to properly restrict access to sensitive audio recording files when the device is locked. The vulnerability specifically affects versions prior to 21.5.73.12 for Android 15 and 21.5.81.40 for Android 16, indicating that Samsung has acknowledged and addressed this issue in subsequent releases.
The technical implementation of this flaw allows physical attackers to bypass the intended security measures that should prevent unauthorized access to voice recordings when the device screen is locked. This represents a failure in the application's security model where file-level access controls do not adequately consider the device's lock state or user authentication status. The vulnerability enables attackers with physical possession of the device to directly access and potentially exfiltrate sensitive audio data without requiring additional authentication mechanisms or user interaction beyond device unlock.
From an operational impact perspective, this vulnerability creates significant risks for users who store confidential or sensitive information in voice recordings. The exposure extends beyond simple audio files to potentially include personal conversations, business discussions, or any other sensitive information captured through voice recording functionality. The attack vector is particularly concerning as it requires only physical access to the device, eliminating the need for network-based attacks or complex exploitation techniques. This aligns with ATT&CK technique T1531 which describes access to files or directories through physical access or device compromise.
The security implications extend to privacy violations and potential data breaches that could occur when attackers exploit this vulnerability. Organizations relying on Samsung Voice Recorder for business communications or personal documentation face heightened risks when devices are lost, stolen, or accessed by unauthorized individuals. The vulnerability may also impact compliance with data protection regulations that require appropriate safeguards for sensitive information, particularly when considering the potential for unauthorized data access through physical device compromise.
Mitigation strategies should prioritize immediate patching of affected Samsung Voice Recorder versions to the latest secure releases. Users should also implement additional protective measures such as strong device encryption, biometric authentication, and regular security updates. Organizations should conduct vulnerability assessments to identify affected devices and establish policies for secure device management. The remediation process should include verifying that the updated application properly enforces access controls on locked devices and that audio files remain protected from unauthorized access. This vulnerability demonstrates the importance of proper access control implementation in mobile applications and aligns with CWE-284 which addresses improper access control in software systems. Security teams should monitor for similar vulnerabilities in other voice recording applications and ensure comprehensive device security policies are in place to protect against physical access attacks.