Exynos 1080 Firmware CVE-2025-23102

EUVD: EUVD-2025-16776 | HIGH
Double Free (CWE-415)
2025-06-03 cve@mitre.org
8.8
CVSS 3.1 · NVD

Severity by source

NVD PRIMARY
8.8 HIGH
AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Primary rating from NVD · only source for this CVE.

CVSS Vector (NVD)

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Attack Vector: Network
Attack Complexity: Low
Privileges Required: Low
User Interaction: None
Scope: Unchanged
Confidentiality: High
Integrity: High
Availability: High

Lifecycle Timeline

EUVD ID Assigned: Mar 14, 2026 - 17:04 (euvd), EUVD-2025-16776
Analysis Generated: Mar 14, 2026 - 17:04 (vuln.today)
CVE Published: Jun 03, 2025 - 19:15 (nvd), HIGH 8.8

Description (CVE.org)

An issue was discovered in Samsung Mobile Processor Exynos 980, 990, 1080, 2100, 1280, 2200, 1380, 1480 and 2400. A Double Free in the mobile processor leads to privilege escalation.

Analysis (AI)

Double-free vulnerability in Samsung's Exynos mobile processors (models 980, 990, 1080, 2100, 1280, 2200, 1380, 1480, and 2400) that enables privilege escalation. An attacker who already holds low privileges (PR:L) can trigger the memory corruption flaw to gain elevated privileges on affected devices. NVD scores it 8.8 (HIGH) with a network attack vector (AV:N), low attack complexity and no user interaction, which makes it a high-severity risk for users of Samsung mobile devices built on these chipsets, particularly if the vulnerability is exploited in the wild.

Technical Context (AI)

The vulnerability is in Samsung's proprietary Exynos mobile processor firmware, likely in kernel-level or secure enclave memory management routines; the CVE description does not name the affected component. CWE-415 (Double Free) occurs when a program frees memory that has already been freed, which corrupts the allocator's heap metadata. On mobile processors that rely on isolation features such as ARM TrustZone and Samsung Knox, a double free in privileged processor code could allow an attacker to overwrite critical kernel data structures or security policy enforcement mechanisms. The affected Exynos processors span multiple generations (980/990 from the Exynos 9-series, 1080/1280/1380/1480 from mid-range lines, and the flagship 2100/2200/2400 models), which suggests the flaw sits in code shared across Samsung's processor lines rather than in a single architecture version. CPE strings would typically match: cpe:2.3:h:samsung:exynos_980:*:*:*:*:*:*:*:* through cpe:2.3:h:samsung:exynos_2400:*:*:*:*:*:*:*:*
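A general illustration of CWE-415, added here and not taken from Samsung's code or the advisory: a toy fixed-size pool with a LIFO free list, showing why releasing a chunk twice hands the same memory to two later allocations, and the per-chunk state check that rejects the second release. All names (`pool`, `chunk`, `pool_free_checked`, and so on) are hypothetical.

```c
#include <stdbool.h>
#include <stdio.h>

/* Toy fixed-size pool with a LIFO free list (constructed for illustration). */
struct chunk { struct chunk *next; bool in_use; char data[32]; };
struct pool  { struct chunk slots[4]; struct chunk *free_list; };

void pool_init(struct pool *p) {
    p->free_list = NULL;
    for (int i = 3; i >= 0; i--) {
        p->slots[i].in_use = false;
        p->slots[i].next = p->free_list;
        p->free_list = &p->slots[i];
    }
}

struct chunk *pool_alloc(struct pool *p) {
    struct chunk *c = p->free_list;
    if (c) { p->free_list = c->next; c->in_use = true; }
    return c;
}

/* Unchecked release: links the chunk in even if it is already on the list,
   so a second release leaves the list head pointing at itself. */
void pool_free_unchecked(struct pool *p, struct chunk *c) {
    c->next = p->free_list;
    p->free_list = c;
}

/* Checked release: refuses a chunk that is not currently allocated. */
bool pool_free_checked(struct pool *p, struct chunk *c) {
    if (!c || !c->in_use) return false;   /* NULL or already released */
    c->in_use = false;
    c->next = p->free_list;
    p->free_list = c;
    return true;
}

/* Release one chunk twice, allocate twice; true if both allocations alias. */
bool double_release_aliases(bool checked) {
    struct pool p;
    pool_init(&p);
    struct chunk *a = pool_alloc(&p);
    for (int i = 0; i < 2; i++) {
        if (checked) pool_free_checked(&p, a);
        else pool_free_unchecked(&p, a);
    }
    return pool_alloc(&p) == pool_alloc(&p);
}

int main(void) {
    printf("unchecked aliases: %d\n", double_release_aliases(false));
    printf("checked aliases:   %d\n", double_release_aliases(true));
    return 0;
}
```

With the unchecked release, two owners end up writing to the same chunk, which is the heap corruption the paragraph above describes; production allocators apply comparable double-release checks.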

Remediation (AI)

Patch availability and specific patch versions were not provided in source data; remediation depends on Samsung's processor update cadence. Recommended actions:

(1) Monitor the Samsung Security Updates page and device manufacturer security bulletins for microcode patches or bootloader updates addressing CVE-2025-23102.
(2) Apply all available security patches and OS updates immediately upon release, as these will contain mitigations.
(3) For enterprise deployments, implement Mobile Device Management (MDM) policies to enforce automatic patching and isolate affected devices from sensitive networks.
(4) As a temporary mitigation, restrict local access to unprivileged user accounts and disable unnecessary local services that could be chained with this vulnerability.
(5) Coordinate with carriers to ensure timely distribution of patches, as processor-level fixes require OEM and carrier collaboration.

Hardware workarounds do not exist; remediation requires deploying the security patch.

CVE-2025-47202 CRITICAL
9.1 Jul 07

In RRC in Samsung Mobile Processor, Wearable Processor, and Modem Exynos 980, 990, 850, 1080, 2100, 1280, 2200, 1330, 13

CVE-2025-27807 CRITICAL
9.1 Jan 05

Samsung Exynos processors (multiple models including 980, 990, 2100, 2200, 2400) and modems have an out-of-bounds write

CVE-2025-23098 HIGH
7.8 Jun 03

Use-After-Free (UAF) vulnerability in Samsung's Exynos mobile processors (980, 990, 1080, 2100, 1280, 2200, 1380) that e

CVE-2024-50600 HIGH
7.5 Mar 06

An issue was discovered in Samsung Mobile Processor and Wearable Processor Exynos 980, 850, 1080, 1280, 1330, 1380, 1480

CVE-2024-52924 HIGH
7.5 Mar 06

An issue was discovered in NRMM in Samsung Mobile Processor, Wearable Processor, and Modem Exynos 9820, 9825, 980, 990,

CVE-2024-52923 HIGH
7.5 Mar 06

An issue was discovered in NRMM in Samsung Mobile Processor, Wearable Processor, and Modem Exynos 9820, 9825, 980, 990,

CVE-2025-43706 HIGH
7.5 Jan 05

An issue was discovered in L2 in Samsung Mobile Processor, Wearable Processor, and Modem Exynos 980, 990, 850, 1080, 240

CVE-2025-59439 HIGH
7.5 Feb 03

An issue was discovered in Samsung Mobile Processor, Wearable Processor and Modem Exynos 980, 990, 850, 1080, 9110, W920

CVE-2025-59440 HIGH
7.5 Apr 06

Denial of service in Samsung Exynos USIM firmware across mobile, wearable, and modem processors allows unauthenticated r

CVE-2025-57835 HIGH
7.5 Apr 06

System crash in Samsung Exynos processors (980/990/850/1080/2100/1280/2200/1330/1380/1480/2400/1580/2500/9110, Wearable

CVE-2025-58342 MEDIUM
6.2 Feb 03

Exynos 980 Firmware versions up to - is affected by allocation of resources without limits or throttling (CVSS 6.2).

CVE-2025-58341 MEDIUM
6.2 Feb 03

Exynos 980 Firmware versions up to - is affected by allocation of resources without limits or throttling (CVSS 6.2).
