Skip to main content

Exynos 1480 Firmware CVE-2025-23100

| EUVDEUVD-2025-16784 HIGH
NULL Pointer Dereference (CWE-476)
2025-06-03 cve@mitre.org
7.5
CVSS 3.1 · NVD
Share

Severity by source

NVD PRIMARY
7.5 HIGH
AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Primary rating from NVD · only source for this CVE.

CVSS VectorNVD

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Attack Vector
Network
Attack Complexity
Low
Privileges Required
None
User Interaction
None
Scope
Unchanged
Confidentiality
None
Integrity
None
Availability
High

Lifecycle Timeline

3
EUVD ID Assigned
Mar 14, 2026 - 17:04 euvd
EUVD-2025-16784
Analysis Generated
Mar 14, 2026 - 17:04 vuln.today
CVE Published
Jun 03, 2025 - 20:15 nvd
HIGH 7.5

DescriptionCVE.org

An issue was discovered in Samsung Mobile Processor Exynos 1280, 2200, 1380, 1480, 2400. The absence of a NULL check leads to a Denial of Service.

AnalysisAI

NULL pointer dereference vulnerability in Samsung's Exynos mobile processors (models 1280, 2200, 1380, 1480, 2400) that allows unauthenticated remote attackers to trigger a denial of service condition without user interaction. The vulnerability has a CVSS 3.1 score of 7.5 (High) with network-based attack vector and high availability impact, though no integrity or confidentiality compromise occurs. Exploitation likelihood and active weaponization status cannot be confirmed without KEV catalog verification and public exploit availability data.

Technical ContextAI

The vulnerability exists in Samsung's Exynos System-on-Chip (SoC) firmware or kernel-level processor handling code, affecting multiple processor generations used in Samsung Galaxy smartphones and tablets. The root cause is classified as CWE-476 (NULL Pointer Dereference), indicating insufficient input validation or null pointer checks before dereferencing memory addresses in processor-level code paths. Affected Exynos models (1280, 2200, 1380, 1480, 2400) span multiple processor generations with varying architectures and process nodes. The vulnerability likely exists in GPU drivers, modem firmware, or memory management subsystems that process untrusted network or IPC data without proper null validation. CPE entries would typically follow: cpe:2.3:o:samsung:exynos_1280_firmware:*:*:*:*:*:*:*:* and similar for other models.

RemediationAI

Apply Samsung security patches targeting Exynos processor firmware and kernel security updates: (1) Check device's current security patch level via Settings > About phone > Security patch date; (2) Install latest available OTA (Over-The-Air) updates for affected Exynos models via Settings > System > System update; (3) For enterprise deployments, coordinate with Samsung Mobile Device Management (MDM) vendors and Samsung Knox services for centralized patch deployment; (4) Monitor Samsung Security Center (https://security.samsungmobile.com/) and Android Security & Privacy Year in Review for specific Exynos CVE patches and target patch dates; (5) If patch unavailable for legacy devices (Exynos 1280/2200 variants), implement network-level DoS mitigation via rate limiting, anomaly detection, and segmentation of affected device traffic. Vendor advisory links should be extracted from Samsung's official security bulletins once published; contact Samsung Mobile Enterprise Relations for extended support timelines on older processor generations.

CVE-2025-23099 CRITICAL
9.1 Jun 02

OOB write in Samsung Exynos 1480/2400 processors.

CVE-2025-47202 CRITICAL
9.1 Jul 07

In RRC in Samsung Mobile Processor, Wearable Processor, and Modem Exynos 980, 990, 850, 1080, 2100, 1280, 2200, 1330, 13

CVE-2025-27807 CRITICAL
9.1 Jan 05

Samsung Exynos processors (multiple models including 980, 990, 2100, 2200, 2400) and modems have an out-of-bounds write

CVE-2025-23102 HIGH
8.8 Jun 03

Double-free vulnerability in Samsung's Exynos mobile processors (models 980, 990, 1080, 2100, 1280, 2200, 1380, 1480, an

CVE-2025-23107 HIGH
8.6 Jun 03

Critical out-of-bounds write vulnerability in Samsung's Exynos 1480 and 2400 mobile processors caused by insufficient le

CVE-2025-23103 HIGH
8.6 Jun 03

CVE-2025-23103 is an out-of-bounds write vulnerability in Samsung's Exynos 1480 and 2400 mobile processors caused by ins

CVE-2025-53966 HIGH
8.4 Jan 05

An issue was discovered in Samsung Mobile Processor Exynos 1380, 1480, 2400, and 1580. Incorrect Handling of the NL80211

CVE-2025-49495 HIGH
8.4 Jan 05

An issue was discovered in the WiFi driver in Samsung Mobile Processor Exynos 1380, 1480, 2400, 1580. Mishandling of an

CVE-2024-39890 HIGH
8.1 Dec 02

An issue was discovered in Samsung Mobile Processor, Wearable Processor, and Modem Exynos 9820, 9825, 980, 990, 850, 108

CVE-2025-23105 HIGH
7.8 Jun 02

Use-after-free vulnerability in Samsung's Exynos mobile processors (2200, 1480, and 2400) that allows a local attacker w

CVE-2024-31960 HIGH
7.8 Sep 10

An issue was discovered in Samsung Mobile Processor Exynos 1480, Exynos 2400. Rated high severity (CVSS 7.8), this vulne

CVE-2024-27387 HIGH
7.8 Sep 09

An issue was discovered in Samsung Mobile Processor Exynos 980, Exynos 850, Exynos 1280, Exynos 1380, and Exynos 1330. R

Share

CVE-2025-23100 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy