Skip to main content

Exynos 1480 Firmware CVE-2025-23105

| EUVDEUVD-2025-16678 HIGH
Incorrect Default Permissions (CWE-276)
2025-06-02 cve@mitre.org
7.8
CVSS 3.1 · NVD
Share

Severity by source

NVD PRIMARY
7.8 HIGH
AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Primary rating from NVD · only source for this CVE.

CVSS VectorNVD

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Attack Vector
Local
Attack Complexity
Low
Privileges Required
Low
User Interaction
None
Scope
Unchanged
Confidentiality
High
Integrity
High
Availability
High

Lifecycle Timeline

3
EUVD ID Assigned
Mar 14, 2026 - 16:47 euvd
EUVD-2025-16678
Analysis Generated
Mar 14, 2026 - 16:47 vuln.today
CVE Published
Jun 02, 2025 - 19:15 nvd
HIGH 7.8

DescriptionCVE.org

An issue was discovered in Samsung Mobile Processor Exynos 2200, 1480, and 2400. A Use-After-Free in the mobile processor leads to privilege escalation.

AnalysisAI

Use-after-free vulnerability in Samsung's Exynos mobile processors (2200, 1480, and 2400) that allows a local attacker with low privileges to escalate to higher privileges and potentially achieve code execution with full system compromise. The vulnerability requires local access but no user interaction, making it a significant privilege escalation vector for devices running affected processor versions. The CVSS 7.8 rating reflects the high confidentiality, integrity, and availability impacts achievable through privilege escalation on mobile devices where such attacks directly threaten user data and system security.

Technical ContextAI

Use-after-free (UAF) vulnerabilities occur when a program references memory that has been freed, allowing attackers to read, write, or execute arbitrary code by controlling the contents of the freed memory region. In the context of Samsung Exynos processors, this vulnerability likely exists in firmware or kernel-level code responsible for memory management within the mobile processor's subsystems. The CWE-276 classification (Incorrect Default Access Control and Privilege Assignment) combined with the UAF pattern suggests the vulnerability involves improper access controls around freed memory resources in processor firmware or driver code. The Exynos 2200 (used in Galaxy S22 series), 1480 (older flagship processor), and 2400 (newer generation) all share architectural similarities that expose them to the same root cause. This is a firmware/hardware-level vulnerability affecting the System-on-Chip (SoC) rather than application-level code, making it particularly dangerous as it operates below standard OS-level protections.

RemediationAI

Patch through Samsung security updates: (1) Deploy firmware/kernel security patches released by Samsung for affected Exynos processors—these are typically distributed via OTA (over-the-air) updates and monthly security patches; (2) Ensure devices are updated to the latest available security patch level for the respective processor version (e.g., latest 2024-2025 patches for Exynos 2200/2400); (3) Enable all available OS-level security features: SELinux enforcement, address space layout randomization (ASLR), and DEP/NX protections, though these are OS-level and may not fully mitigate processor-level UAF; (4) Implement app permission restrictions and disable installation from unknown sources to reduce local attack surface; (5) Workarounds pending patch: restrict app installations to verified sources only, monitor for unusual privilege escalation attempts via SELinux audit logs if accessible. No specific workaround exists for processor firmware vulnerabilities—patching is mandatory. Contact Samsung support or check security.samsung.com for patch availability and release timelines for your specific device model.

CVE-2025-23099 CRITICAL
9.1 Jun 02

OOB write in Samsung Exynos 1480/2400 processors.

CVE-2025-47202 CRITICAL
9.1 Jul 07

In RRC in Samsung Mobile Processor, Wearable Processor, and Modem Exynos 980, 990, 850, 1080, 2100, 1280, 2200, 1330, 13

CVE-2025-27807 CRITICAL
9.1 Jan 05

Samsung Exynos processors (multiple models including 980, 990, 2100, 2200, 2400) and modems have an out-of-bounds write

CVE-2025-23102 HIGH
8.8 Jun 03

Double-free vulnerability in Samsung's Exynos mobile processors (models 980, 990, 1080, 2100, 1280, 2200, 1380, 1480, an

CVE-2025-23107 HIGH
8.6 Jun 03

Critical out-of-bounds write vulnerability in Samsung's Exynos 1480 and 2400 mobile processors caused by insufficient le

CVE-2025-23103 HIGH
8.6 Jun 03

CVE-2025-23103 is an out-of-bounds write vulnerability in Samsung's Exynos 1480 and 2400 mobile processors caused by ins

CVE-2025-53966 HIGH
8.4 Jan 05

An issue was discovered in Samsung Mobile Processor Exynos 1380, 1480, 2400, and 1580. Incorrect Handling of the NL80211

CVE-2025-49495 HIGH
8.4 Jan 05

An issue was discovered in the WiFi driver in Samsung Mobile Processor Exynos 1380, 1480, 2400, 1580. Mishandling of an

CVE-2024-39890 HIGH
8.1 Dec 02

An issue was discovered in Samsung Mobile Processor, Wearable Processor, and Modem Exynos 9820, 9825, 980, 990, 850, 108

CVE-2024-31960 HIGH
7.8 Sep 10

An issue was discovered in Samsung Mobile Processor Exynos 1480, Exynos 2400. Rated high severity (CVSS 7.8), this vulne

CVE-2024-27387 HIGH
7.8 Sep 09

An issue was discovered in Samsung Mobile Processor Exynos 980, Exynos 850, Exynos 1280, Exynos 1380, and Exynos 1330. R

CVE-2024-27383 HIGH
7.8 Sep 09

An issue was discovered in Samsung Mobile Processor Exynos 980, Exynos 850, Exynos 1280, Exynos 1380, and Exynos 1330. R

Share

CVE-2025-23105 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy