Skip to main content

Exynos 1080 Firmware CVE-2025-47202

| EUVD-2025-20277 CRITICAL
Out-of-bounds Write (CWE-787)
2025-07-07 cve@mitre.org
Buffer Overflow Memory Corruption Samsung Exynos 1080 Firmware Exynos 1280 Firmware Exynos 1330 Firmware Exynos 1380 Firmware Exynos 1480 Firmware Exynos 1580 Firmware Exynos 2100 Firmware Exynos 2200 Firmware Exynos 2400 Firmware Exynos 850 Firmware Exynos 9110 Firmware Exynos 980 Firmware Exynos 990 Firmware Exynos W1000 Firmware Exynos W920 Firmware Exynos W930 Firmware Modem 5123 Firmware Modem 5300 Firmware Modem 5400 Firmware
9.1
CVSS 3.1
Share

CVSS VectorNVD

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H
Attack Vector
Network
Attack Complexity
Low
Privileges Required
None
User Interaction
None
Scope
Unchanged
Confidentiality
High
Integrity
None
Availability
High

Lifecycle Timeline

3
EUVD ID Assigned
Mar 16, 2026 - 03:37 euvd
EUVD-2025-20277
Analysis Generated
Mar 16, 2026 - 03:37 vuln.today
CVE Published
Jul 07, 2025 - 16:15 nvd
CRITICAL 9.1

DescriptionNVD

In RRC in Samsung Mobile Processor, Wearable Processor, and Modem Exynos 980, 990, 850, 1080, 2100, 1280, 2200, 1330, 1380, 1480, 2400, 1580, 9110, W920, W930, W1000, Modem 5123, Modem 5300, and Modem 5400, the lack of a length check leads to out-of-bounds writes.

Analysis

In RRC in Samsung Mobile Processor, Wearable Processor, and Modem Exynos 980, 990, 850, 1080, 2100, 1280, 2200, 1330, 1380, 1480, 2400, 1580, 9110, W920, W930, W1000, Modem 5123, Modem 5300, and Modem 5400, the lack of a length check leads to out-of-bounds writes.

Technical ContextAI

An out-of-bounds memory access occurs when code reads from or writes to memory locations outside the intended buffer boundaries. This vulnerability is classified as Out-of-bounds Write (CWE-787).

RemediationAI

Implement proper bounds checking on all array and buffer accesses. Use memory-safe languages or static analysis tools to detect OOB issues.

More from same product – last 7 days

CVE-2026-8915 HIGH
8.8 May 28

Out-of-bounds write in Samsung's Escargot JavaScript engine allows attacker-supplied scripts to corrupt memory through t
CVE-2026-45956
May 27

In the Linux kernel, the following vulnerability has been resolved: drm/exynos: vidi: use priv->vidi_dev for ctx lookup
CVE-2026-45958
May 27

In the Linux kernel, the following vulnerability has been resolved: drm/exynos: vidi: fix to avoid directly dereferenci

Share

CVE-2025-47202 vulnerability details – vuln.today
Back

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy