Primary

Context

Samsung Mobile SoftSIM Trustlet Sensitive Information Disclosure Vulnerability

Vulnerability

Patched

A vulnerability exists in the SoftSIM trustlet on select Android 12, 13, and 14 devices, prior to the January 2025 Security Maintenance Release. This vulnerability allows local privileged attackers to access sensitive test keys due to the inclusion of confidential information in the test code. The issue arises from improper handling of sensitive data, which could be exploited by attackers with elevated privileges.

Impact

Exploitation of this vulnerability allows local privileged attackers to retrieve sensitive test keys from the SoftSIM trustlet.

Remediation

Users can apply the January 2025 Security Maintenance Release, which includes the necessary patch, to address this vulnerability.

Added: Sep 1, 2025, 7:22 PM

Updated: Sep 1, 2025, 7:22 PM

Vulnerability Rating

Custom Algorithm

spread

9.0

impact

2.5

exploitability

2.8

remediation

7.7

relevance

0.0

threat

0.0

urgency

2.9

incentive

0.8

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Vulnerability Rating

Custom Algorithm

spread

9.0

impact

2.5

exploitability

2.8

remediation

7.7

relevance

0.0

threat

0.0

urgency

2.9

incentive

0.8

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Samsung Mobile SoftSIM Trustlet Sensitive Information Disclosure Vulnerability

Vulnerability

Impact

Remediation

Affected Products

Android

CVSS Scores

References

Vulnerability Rating

Vulnerability Rating