Open Redirect Bypass in Samsung Members App (CVE‑2025‑21079) Threatens Galaxy S25 Devices
What It Is – A remote open‑redirect flaw in the Samsung Members application on the Galaxy S25 allows an attacker to send a victim to a malicious URL without any authentication. The redirected site can then trigger additional Android activities, paving the way for deeper compromise.
Exploitability – The vulnerability is network‑accessible (AV:N), requires high attack complexity (AC:H), and does not need credentials (PR:N). A proof‑of‑concept exists, but no public exploit kits have been observed. CVSS v3.1 score: 5.0 (Moderate).
Affected Products – Samsung Galaxy S25 smartphones running the Samsung Members app (versions prior to the November 2025 security patch).
TPRM Impact –
- Enterprise‑managed mobile fleets that rely on Samsung Members for support or OTA updates may inherit the bypass, exposing corporate data and apps.
- Third‑party mobile‑device‑management (MDM) platforms that whitelist the Samsung Members URL could inadvertently allow malicious redirects, creating a supply‑chain foothold.
Recommended Actions –
- Deploy Samsung’s November 2025 security update to all Galaxy S25 devices immediately.
- Verify patch status via MDM inventory reports; flag any unpatched units.
- Consider disabling or restricting the Samsung Members app on corporate‑managed devices until the update is confirmed.
- Monitor network traffic for unexpected redirects to unknown domains originating from Samsung Members.
- Update security policies to treat third‑party app redirects as suspicious activity.
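The two verification steps above (checking patch status from an MDM inventory export, and watching Samsung Members traffic for redirects that leave Samsung's domains) can be scripted. The following is an added example, not code from this advisory or from Samsung. Everything in it is an assumption or a constructed placeholder: the inventory records, the key=value proxy log format, the `app=samsung-members` tag used to attribute traffic to the app, the domain allowlist, and the choice of 2025-11-01 as the patch level that carries the fix (the advisory names the November 2025 update but not a specific patch string). It flags a device as unpatched when its `ro.build.version.security_patch` value is missing or older than the fix, and flags a redirect when the `Location` target is either outside the allowlist or uses a non-web scheme, which is the signal that matters here because the advisory notes the redirect can be used to trigger further Android activities.

```python
"""Defender-side checks for CVE-2025-21079 follow-up: patch status and redirect monitoring.

Added example; not the advisory's or Samsung's code. All data below is constructed.
"""
from datetime import date
from urllib.parse import urlparse

# Assumption: the fix ships with the November 2025 patch level, so any device
# reporting an earlier ro.build.version.security_patch value is unpatched.
FIXED_PATCH_LEVEL = date(2025, 11, 1)

# Constructed MDM inventory export: (device id, model, security patch string).
INVENTORY = [
    ("dev-001", "Galaxy S25", "2025-11-01"),
    ("dev-002", "Galaxy S25", "2025-10-01"),
    ("dev-003", "Galaxy S25", "2025-12-01"),
    ("dev-004", "Galaxy S25", ""),  # field missing from the export
]

# Constructed allowlist of hosts a Samsung Members redirect may legitimately land on.
ALLOWED_DOMAINS = ("samsung.com", "samsungmembers.com")

# Constructed proxy log in key=value form (not a real Samsung or proxy format).
# 'location' carries the HTTP Location header of 3xx responses, '-' when absent.
PROXY_LOG = """\
2025-11-12T10:15:02Z src=10.0.4.17 app=samsung-members method=GET url=https://members.samsung.com/support status=200 location=-
2025-11-12T10:15:05Z src=10.0.4.17 app=samsung-members method=GET url=https://members.samsung.com/go?u=x status=302 location=https://help.samsung.com/faq
2025-11-12T10:16:40Z src=10.0.4.22 app=samsung-members method=GET url=https://members.samsung.com/go?u=y status=302 location=http://updates-example.invalid/login
2025-11-12T10:17:01Z src=10.0.4.22 app=samsung-members method=GET url=https://members.samsung.com/go?u=z status=302 location=intent://example/#Intent;end
2025-11-12T10:18:11Z src=10.0.4.30 app=browser method=GET url=https://news.example.invalid/a status=301 location=https://news.example.invalid/b
"""


def parse_patch_level(value):
    """Parse an Android security patch string (YYYY-MM-DD); None if empty or malformed."""
    try:
        return date.fromisoformat(value.strip())
    except ValueError:
        return None


def unpatched_devices(inventory, fixed=FIXED_PATCH_LEVEL):
    """Return ids of devices whose patch level is missing or older than the fix.

    A missing or unparseable value is treated as unpatched so it is flagged, not skipped.
    """
    flagged = []
    for dev_id, _model, patch in inventory:
        level = parse_patch_level(patch)
        if level is None or level < fixed:
            flagged.append(dev_id)
    return flagged


def parse_log_line(line):
    """Split one constructed log line into a dict: timestamp plus key=value fields."""
    timestamp, *pairs = line.split()
    record = {"ts": timestamp}
    for pair in pairs:
        key, _, value = pair.partition("=")
        record[key] = value
    return record


def host_allowed(host, allowed=ALLOWED_DOMAINS):
    """True if host is an allowlisted domain or a subdomain of one (exact suffix match,
    so 'samsung.com.evil.invalid' does not pass)."""
    host = host.lower().rstrip(".")
    return any(host == d or host.endswith("." + d) for d in allowed)


def suspicious_redirects(log_text, app="samsung-members", allowed=ALLOWED_DOMAINS):
    """Return (timestamp, source ip, target, reason) for redirects issued to the app
    that land off the allowlist or on a non-web scheme."""
    hits = []
    for line in log_text.splitlines():
        if not line.strip():
            continue
        rec = parse_log_line(line)
        if rec.get("app") != app:
            continue
        if not rec.get("status", "").startswith("3"):
            continue  # only 3xx responses carry a redirect
        target = rec.get("location", "-")
        if target == "-":
            continue
        parsed = urlparse(target)
        if parsed.scheme not in ("http", "https"):
            hits.append((rec["ts"], rec["src"], target, "non-web scheme"))
        elif not host_allowed(parsed.hostname or "", allowed):
            hits.append((rec["ts"], rec["src"], target, "off-allowlist host"))
    return hits


if __name__ == "__main__":
    print("unpatched:", unpatched_devices(INVENTORY))
    for hit in suspicious_redirects(PROXY_LOG):
        print("redirect alert:", hit)
```

Both checks deliberately fail closed: a device with no patch string is reported rather than silently passed, and the allowlist uses a dot-anchored suffix match so look-alike hosts that merely contain an allowed name are still flagged.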