Severity by source
AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:L
Primary rating from NVD · only source for this CVE.
CVSS VectorNVD
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:L
Lifecycle Timeline
3DescriptionCVE.org
An issue was discovered in Samsung Mobile Processor Exynos 1480 and 2400. The lack of a length check leads to out-of-bounds writes.
AnalysisAI
CVE-2025-23103 is an out-of-bounds write vulnerability in Samsung's Exynos 1480 and 2400 mobile processors caused by insufficient length validation, allowing remote unauthenticated attackers to achieve high confidentiality impact with medium integrity and availability impact. The vulnerability has a CVSS score of 8.6 with low attack complexity and no privilege requirements, making it a significant risk to Samsung Galaxy devices using these processors; exploitation status and active use in the wild have not been confirmed at this time.
Technical ContextAI
The vulnerability exists in Samsung Mobile Processor Exynos 1480 and 2400 SoCs (System-on-Chip), which are primary processors used in Samsung Galaxy flagship and mid-range devices. The root cause is classified as CWE-787 (Out-of-bounds Write), indicating that code processing network input or other external data fails to validate buffer length before writing, allowing attackers to overflow heap or stack memory. The Exynos processors handle low-level hardware operations, cryptographic functions, and secure enclave processing; a flaw at this level can compromise the entire device security model. The lack of length checking suggests the vulnerability exists in firmware or bootloader code responsible for parsing or processing protocol messages, likely in network stack handling or secure communication channels.
RemediationAI
Samsung must release firmware/bootloader patches addressing the length validation flaw in affected Exynos processors. Users should: (1) Apply all available Samsung security updates immediately upon release, prioritizing devices with Exynos 1480/2400; (2) Monitor Samsung Security Advisory pages for firmware patches specific to CVE-2025-23103; (3) Avoid untrusted networks and disable unnecessary network services pending patches; (4) Enable all available security features (Knox, SELinux enforcement); (5) Consider network segmentation for critical Samsung devices. Vendor mitigation may include disabling vulnerable firmware code paths if identified. Samsung should release coordinated security advisories with clear device model mapping and patch timeline. Patch availability dates and version numbers should be published immediately to samsung.com/security.
More in Exynos 1480 Firmware
View allOOB write in Samsung Exynos 1480/2400 processors.
In RRC in Samsung Mobile Processor, Wearable Processor, and Modem Exynos 980, 990, 850, 1080, 2100, 1280, 2200, 1330, 13
Samsung Exynos processors (multiple models including 980, 990, 2100, 2200, 2400) and modems have an out-of-bounds write
Double-free vulnerability in Samsung's Exynos mobile processors (models 980, 990, 1080, 2100, 1280, 2200, 1380, 1480, an
Critical out-of-bounds write vulnerability in Samsung's Exynos 1480 and 2400 mobile processors caused by insufficient le
An issue was discovered in Samsung Mobile Processor Exynos 1380, 1480, 2400, and 1580. Incorrect Handling of the NL80211
An issue was discovered in the WiFi driver in Samsung Mobile Processor Exynos 1380, 1480, 2400, 1580. Mishandling of an
Use-after-free vulnerability in Samsung's Exynos mobile processors (2200, 1480, and 2400) that allows a local attacker w
An issue was discovered in Samsung Mobile Processor Exynos 1480 and 2400. Rated high severity (CVSS 7.5), this vulnerabi
An issue was discovered in Samsung Mobile Processor Exynos 2200, 1480, and 2400. Rated high severity (CVSS 7.5), this vu
An issue was discovered in Samsung Mobile Processor and Wearable Processor Exynos 980, 850, 1080, 1280, 1330, 1380, 1480
An issue was discovered in NRMM in Samsung Mobile Processor, Wearable Processor, and Modem Exynos 9820, 9825, 980, 990,
Same weakness CWE-787 – Out-of-bounds Write
View allSame technique Buffer Overflow
View allShare
External POC / Exploit Code
Leaving vuln.today
EUVD-2025-16752