MEDIUMCVE-2021-25341CVSS 4

CVE-2021-25341: DoS in S Assistant Android Application

Platform

android

Component

s-assistant

Fixed in

6.5.01.22

AI Confidence: highNVDEPSS 0.1%Reviewed: May 2026

View on NVD

Save

CVE-2021-25341 describes a Denial of Service (DoS) vulnerability affecting S Assistant versions up to and including 6.5.01.22. This vulnerability allows unauthorized actions, specifically a DoS attack, by exploiting a flaw in provider handling. A fix is available in version 6.5.01.22, addressing this security concern.

Impact and Attack Scenarios

The vulnerability allows an attacker to trigger a denial of service within the S Assistant application. By hijacking a provider, the attacker can disrupt the normal operation of the application, potentially preventing legitimate users from accessing its features. This could lead to service outages and user frustration. The impact is primarily focused on application availability, but could also indirectly affect any services reliant on S Assistant.

Exploitation Context

CVE-2021-25341 was publicly disclosed on March 4, 2021. No public proof-of-concept (PoC) code has been widely reported. The vulnerability is not currently listed on the CISA KEV catalog. The CVSS score of 4 (MEDIUM) indicates a moderate probability of exploitation.

Threat Intelligence

Exploit Status

Proof of ConceptUnknown

CISA KEVNO

Internet ExposureLow

EPSS

0.05% (17% percentile)

CVSS Vector

Affected Software

Components-assistant

VendorSamsung Mobile

Affected rangeFixed in

unspecified – 6.5.01.226.5.01.22

Weakness Classification (CWE)

CWE-287

Timeline

Reserved2021-01-19
Published2021-03-04
Modified2024-08-03
EPSS updated2026-04-02

Mitigation and Workarounds

The primary mitigation for CVE-2021-25341 is to upgrade S Assistant to version 6.5.01.22 or later. If immediate upgrading is not possible due to compatibility issues or testing requirements, consider implementing network-level restrictions to prevent unauthorized provider calls. While a direct WAF rule is unlikely, monitoring for unusual provider call patterns could provide early warning signs. After upgrading, confirm the fix by attempting to trigger the vulnerable provider call and verifying that the application does not crash or become unresponsive.

How to fix

Update the S Assistant application to version 6.5.01.22 or later. This update corrects the vulnerability that allows for unauthorized actions and denial of service attacks.

CVE Security Newsletter

Vulnerability analysis and critical alerts directly to your inbox.

Frequently asked questions

What is CVE-2021-25341 — DoS in S Assistant?

CVE-2021-25341 is a Denial of Service vulnerability in S Assistant versions up to 6.5.01.22, allowing attackers to disrupt application functionality by hijacking a provider.

Am I affected by CVE-2021-25341 in S Assistant?

Yes, if you are using S Assistant version 6.5.01.22 or earlier, you are potentially vulnerable to this DoS attack.

How do I fix CVE-2021-25341 in S Assistant?

Upgrade S Assistant to version 6.5.01.22 or later to resolve this vulnerability. If immediate upgrading is not possible, consider network-level restrictions.

Is CVE-2021-25341 being actively exploited?

While no widespread exploitation has been publicly confirmed, the vulnerability remains a potential risk until patched.

Where can I find the official S Assistant advisory for CVE-2021-25341?

Refer to the vendor's security advisory for detailed information and updates regarding CVE-2021-25341.

NextGuard

Vulnerabilities

What do these metrics mean?

Attack Vector: Local — attacker needs a local shell or interactive session on the system.
Attack Complexity: Low — no special conditions required. Attacker can exploit reliably without depending on rare configurations or timing.
Privileges Required: None — unauthenticated. No login or credentials needed to exploit.
User Interaction: None — attack is automatic and silent. Victim does nothing: no click, no file open.
Scope: Unchanged — impact is limited to the vulnerable component itself.
Confidentiality: None — no confidentiality impact. Attacker cannot read protected data.
Integrity: None — no integrity impact. Attacker cannot modify data.
Availability: Low — partial or intermittent denial of service. Attacker can degrade performance.

Is your project affected?

Upload your dependency file and we'll tell you instantly if this and other CVEs hit you.

Scan free Search CVEs

Android / Gradle

Detect this CVE in your project

Upload your build.gradle file and we'll tell you instantly if you're affected.

Upload build.gradle