Exynos 1480 Firmware CVE-2025-23107

EUVD-2025-16769 · HIGH
Out-of-bounds Write (CWE-787)
2025-06-03 cve@mitre.org
8.6
CVSS 3.1 · NVD

Severity by source

NVD PRIMARY
8.6 HIGH
AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:L

Primary rating from NVD · only source for this CVE.

CVSS Vector (NVD)

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:L
Attack Vector: Network
Attack Complexity: Low
Privileges Required: None
User Interaction: None
Scope: Unchanged
Confidentiality: High
Integrity: Low
Availability: Low

Lifecycle Timeline (3 events)

EUVD ID Assigned: Mar 14, 2026 - 17:04 (euvd), EUVD-2025-16769
Analysis Generated: Mar 14, 2026 - 17:04 (vuln.today)
CVE Published: Jun 03, 2025 - 17:15 (nvd), HIGH 8.6

Description (CVE.org)

An issue was discovered in Samsung Mobile Processor Exynos 1480 and 2400. The lack of a length check leads to out-of-bounds writes.

Analysis (AI)

Critical out-of-bounds write vulnerability in Samsung's Exynos 1480 and 2400 mobile processors caused by insufficient length validation. This vulnerability affects Samsung Galaxy devices and other OEM devices utilizing these SoCs, allowing remote, unauthenticated attackers to execute code with high integrity impact and potential system compromise. The high CVSS score of 8.6 reflects the network-exploitable nature and lack of authentication requirements, though real-world exploitation depends on the specific attack surface exposed in affected device implementations.

Technical Context (AI)

The vulnerability resides in Samsung's Exynos mobile processor line (specifically the 1480 and 2400 models), which serve as the primary system-on-chip (SoC) for Samsung Galaxy flagship devices and are licensed to other OEMs. The root cause is classified as CWE-787 (Out-of-bounds Write), which occurs when code writes data beyond the boundaries of an allocated memory buffer without proper length validation. This typically manifests in processor firmware, bootloader, or secure enclave components that parse untrusted input without bounds checking. The lack of a length check suggests the vulnerability exists in a parsing routine—possibly in modem firmware processing, secure element communication, or inter-processor communication (IPC) mechanisms—where an attacker can supply malformed packets or messages that exceed expected buffer sizes, corrupting adjacent memory regions.

Remediation (AI)

Users with affected devices (Galaxy S24 series, S24 FE, and related models) should immediately apply the latest available firmware/security updates through Settings > System > System Update > Check for Updates or via Samsung's SmartSwitch software. OEMs using Exynos 1480/2400 should contact Samsung for emergency firmware patches. Samsung will release fixes through monthly security updates (likely available in January 2025 or sooner depending on discovery/disclosure timeline). Users unable to patch immediately should: (1) disable unnecessary network-exposed services and features, (2) avoid connecting to untrusted networks, (3) use VPN or network segmentation where possible, and (4) monitor Samsung's Security Advisory and Mobile Security Release Notes for specific CVE guidance. No known workarounds exist for this processor-level vulnerability; patching is the only mitigation. Vendor advisories and detailed patch notes should be monitored at security.samsungmobile.com and Samsung's official security bulletin pages.

CVE-2025-23099 CRITICAL
9.1 Jun 02

OOB write in Samsung Exynos 1480/2400 processors.

CVE-2025-47202 CRITICAL
9.1 Jul 07

In RRC in Samsung Mobile Processor, Wearable Processor, and Modem Exynos 980, 990, 850, 1080, 2100, 1280, 2200, 1330, 13

CVE-2025-27807 CRITICAL
9.1 Jan 05

Samsung Exynos processors (multiple models including 980, 990, 2100, 2200, 2400) and modems have an out-of-bounds write

CVE-2025-23102 HIGH
8.8 Jun 03

Double-free vulnerability in Samsung's Exynos mobile processors (models 980, 990, 1080, 2100, 1280, 2200, 1380, 1480, an

CVE-2025-23103 HIGH
8.6 Jun 03

CVE-2025-23103 is an out-of-bounds write vulnerability in Samsung's Exynos 1480 and 2400 mobile processors caused by ins

CVE-2025-53966 HIGH
8.4 Jan 05

An issue was discovered in Samsung Mobile Processor Exynos 1380, 1480, 2400, and 1580. Incorrect Handling of the NL80211

CVE-2025-49495 HIGH
8.4 Jan 05

An issue was discovered in the WiFi driver in Samsung Mobile Processor Exynos 1380, 1480, 2400, 1580. Mishandling of an

CVE-2025-23105 HIGH
7.8 Jun 02

Use-after-free vulnerability in Samsung's Exynos mobile processors (2200, 1480, and 2400) that allows a local attacker w

CVE-2024-46922 HIGH
7.5 Feb 12

An issue was discovered in Samsung Mobile Processor Exynos 1480 and 2400. Rated high severity (CVSS 7.5), this vulnerabi

CVE-2024-46923 HIGH
7.5 Feb 12

An issue was discovered in Samsung Mobile Processor Exynos 2200, 1480, and 2400. Rated high severity (CVSS 7.5), this vu

CVE-2024-50600 HIGH
7.5 Mar 06

An issue was discovered in Samsung Mobile Processor and Wearable Processor Exynos 980, 850, 1080, 1280, 1330, 1380, 1480

CVE-2024-52924 HIGH
7.5 Mar 06

An issue was discovered in NRMM in Samsung Mobile Processor, Wearable Processor, and Modem Exynos 9820, 9825, 980, 990,


CVE-2025-23107 vulnerability details – vuln.today
