CVE-2021-25356

Name of the Vulnerable Software and Affected Versions: Managed Provisioning versions prior to SMR APR-2021 Release 1

Description: The issue is related to an improper caller check in Managed Provisioning, allowing an unprivileged application to install arbitrary applications, grant device admin permission, and then delete several installed applications.

Recommendations: For versions prior to SMR APR-2021 Release 1, update to SMR APR-2021 Release 1 or later to resolve the issue. As a temporary workaround, consider restricting the installation of arbitrary applications and granting of device admin permissions to minimize the risk of exploitation.