Exynos 1280 Firmware CVE-2025-23100

EUVD-2025-16784 | HIGH
NULL Pointer Dereference (CWE-476)
2025-06-03 cve@mitre.org
CVSS 3.1: 7.5

CVSS Vector (NVD)

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

- Attack Vector: Network
- Attack Complexity: Low
- Privileges Required: None
- User Interaction: None
- Scope: Unchanged
- Confidentiality: None
- Integrity: None
- Availability: High

Lifecycle Timeline

- EUVD ID Assigned: Mar 14, 2026 - 17:04 (euvd), EUVD-2025-16784
- Analysis Generated: Mar 14, 2026 - 17:04 (vuln.today)
- CVE Published: Jun 03, 2025 - 20:15 (nvd), HIGH 7.5

Description (NVD)

An issue was discovered in Samsung Mobile Processor Exynos 1280, 2200, 1380, 1480, 2400. The absence of a NULL check leads to a Denial of Service.

Analysis (AI)

CVE-2025-23100 is a NULL pointer dereference vulnerability in Samsung's Exynos mobile processors (models 1280, 2200, 1380, 1480, 2400) that allows unauthenticated remote attackers to trigger a denial of service without user interaction. It has a CVSS 3.1 score of 7.5 (High), with a network attack vector and high availability impact; the vector rates confidentiality and integrity impact as none. Exploitation likelihood and active weaponization status cannot be confirmed without KEV catalog verification and public exploit availability data.

Technical Context (AI)

The vulnerability exists in Samsung's Exynos System-on-Chip (SoC) firmware or kernel-level processor handling code, affecting multiple processor generations used in Samsung Galaxy smartphones and tablets. The root cause is classified as CWE-476 (NULL Pointer Dereference), indicating insufficient input validation or missing NULL pointer checks before a pointer is dereferenced in processor-level code paths. The affected Exynos models (1280, 2200, 1380, 1480, 2400) span multiple processor generations with varying architectures and process nodes. The vulnerability likely exists in GPU drivers, modem firmware, or memory management subsystems that process untrusted network or IPC data without proper NULL validation. CPE entries would typically follow the pattern cpe:2.3:o:samsung:exynos_1280_firmware:*:*:*:*:*:*:*:*, with similar entries for the other models.

Remediation (AI)

Apply Samsung security patches targeting Exynos processor firmware and kernel security updates:

(1) Check the device's current security patch level via Settings > About phone > Security patch date.
(2) Install the latest available OTA (Over-The-Air) updates for affected Exynos models via Settings > System > System update.
(3) For enterprise deployments, coordinate with Samsung Mobile Device Management (MDM) vendors and Samsung Knox services for centralized patch deployment.
(4) Monitor Samsung Security Center (https://security.samsungmobile.com/) and Android Security & Privacy Year in Review for specific Exynos CVE patches and target patch dates.
(5) If no patch is available for legacy devices (Exynos 1280/2200 variants), implement network-level DoS mitigation via rate limiting, anomaly detection, and segmentation of affected device traffic.

Vendor advisory links should be extracted from Samsung's official security bulletins once published; contact Samsung Mobile Enterprise Relations for extended support timelines on older processor generations.
