CVE-2025-27807
CRITICAL
CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H
Description
An issue was discovered in Samsung Mobile Processor, Wearable Processor, and Modem Exynos 980, 990, 850, 1080, 2100, 1280, 2200, 1330, 1380, 1480, 2400, 1580, 9110, W920, W930, W1000, Modem 5123, Modem 5300, Modem 5400. The lack of a length check leads to out-of-bounds writes via malformed NAS packets.
Analysis
Samsung Exynos processors (multiple models including 980, 990, 2100, 2200, 2400) and modems have an out-of-bounds write via malformed NAS (Non-Access Stratum) packets. This baseband vulnerability can be exploited over the cellular network without user interaction, potentially affecting millions of devices.
Technical Context
The NAS packet parser in Exynos baseband firmware fails to validate length fields (CWE-787), causing out-of-bounds writes. NAS operates between the device and the core network – a rogue base station or compromised network element can send crafted packets directly to the baseband processor. Baseband firmware runs below the OS, often with DMA access to main memory.
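The missing-length-check pattern described above, as an added illustration that is not code from Samsung's firmware or from this advisory: a parser for a generic tag-length-value element that validates the declared length against both the received bytes and the fixed destination buffer. The element layout, `IE_VALUE_MAX`, and all function names are assumptions made for the example.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

/* Hypothetical names throughout; the layout is a generic 1-byte tag,
 * 1-byte length, value (TLV) element, not Samsung's firmware structures. */
#define IE_VALUE_MAX 16
struct ie { uint8_t tag; uint8_t len; uint8_t value[IE_VALUE_MAX]; };
enum ie_status { IE_OK = 0, IE_TRUNCATED = -1, IE_TOO_LONG = -2 };

/* Parse one TLV element from buf[*off..buf_len). On success copies the
 * value into out and advances *off past the element. */
int ie_parse(const uint8_t *buf, size_t buf_len, size_t *off, struct ie *out)
{
    size_t pos = *off;

    /* Tag and length octets must both lie inside the received message. */
    if (pos > buf_len || buf_len - pos < 2)
        return IE_TRUNCATED;
    uint8_t tag = buf[pos];
    uint8_t len = buf[pos + 1];
    pos += 2;

    /* Declared length must not run past the received bytes (OOB read). */
    if (len > buf_len - pos)
        return IE_TRUNCATED;
    /* Declared length must fit the fixed destination. Omitting this check
     * is the CWE-787 pattern: memcpy would write past out->value. */
    if (len > sizeof out->value)
        return IE_TOO_LONG;

    out->tag = tag;
    out->len = len;
    memcpy(out->value, buf + pos, len);
    *off = pos + len;
    return IE_OK;
}

/* Walk every element of a message; returns the count or a negative status. */
int ie_parse_all(const uint8_t *buf, size_t buf_len)
{
    size_t off = 0;
    int n = 0;
    struct ie e;
    while (off < buf_len) {
        int rc = ie_parse(buf, buf_len, &off, &e);
        if (rc != IE_OK) return rc;
        n++;
    }
    return n;
}
```
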
Affected Products
Samsung Exynos 980, 990, 850, 1080, 2100, 1280, 2200, 1330, 1380, 1480, 2400, 1580, 9110, W920, W930, W1000, Modem 5123/5300/5400
Remediation
Apply Samsung security updates. These are typically distributed through carrier OTA updates. No user-side mitigation exists for baseband vulnerabilities.