### [CVE-2021-25439](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-25439)
![](https://img.shields.io/static/v1?label=Product&message=Samsung%20Members&color=blue)
![](https://img.shields.io/static/v1?label=Version&message=-%20&color=brightgreen)
![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-284%20Improper%20Access%20Control&color=brightgreen)

### Description

Improper access control vulnerability in Samsung Members prior to versions 2.4.85.11 in Android O(8.1) and below, and 3.9.10.11 in Android P(9.0) and above allows untrusted applications to cause arbitrary webpage loading in webview.

### POC

#### Reference
- https://security.samsungmobile.com/serviceWeb.smsb?year=2021&month=7

#### Github
No PoCs found on GitHub currently.