CVSS Vector (NVD)
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Description (NVD)
An issue was discovered in NAS in Samsung Mobile Processor, Wearable Processor, and Modem Exynos 980, 990, 850, 1080, 2100, 1280, 2200, 1330, 1380, 1480, 2400, 1580, 2500, 9110, W920, W930, W1000, Modem 5123, Modem 5300, and Modem 5400. Incorrect Handling of a DL NAS Transport packet leads to a Denial of Service.
Analysis (AI)
Denial of service in Samsung Exynos chipsets' NAS (Non-Access Stratum) layer allows remote unauthenticated attackers to crash mobile devices via malformed Downlink NAS Transport packets. Affects 23+ Exynos processor and modem variants used in mobile phones, wearables, and cellular modems (980, 990, 850, 1080, 2100, 1280, 2200, 1330, 1380, 1480, 2400, 1580, 2500, 9110, W920, W930, W1000, Modem 5123, 5300, 5400). Despite CVSS 7.5, EPSS shows only 0.02% exploitation probability (5th percentile), and no public exploit or active exploitation was confirmed at time of analysis.
Technical Context (AI)
The vulnerability resides in the Non-Access Stratum (NAS) protocol implementation within Samsung Exynos chipsets' cellular baseband processors. NAS handles signaling between mobile devices and the core network (independent of the radio access technology), managing functions like authentication, mobility, and session management. The flaw (CWE-400: Uncontrolled Resource Consumption) stems from improper validation when processing Downlink NAS Transport messages sent from the network to the device. These messages carry upper-layer data encapsulated within NAS signaling. Incorrect handling (likely missing bounds checks, malformed TLV parsing, or unbounded resource allocation) allows specially crafted packets to exhaust resources or trigger crash conditions in the baseband firmware. This affects a broad range of Exynos mobile processors (flagship 2100/2200/2400/2500, mid-range 980/990/1080/1280/1380/1480/1580, entry-level 850, wearable W-series) and standalone modems (5123/5300/5400), spanning multiple device generations across smartphones, smartwatches, and IoT products.
Remediation (AI)
Apply firmware updates from device manufacturers incorporating Samsung's baseband security patch. Samsung Semiconductor has published advisory details at https://semiconductor.samsung.com/support/quality-support/product-security-updates/cve-2025-54324/ with chipset-level patch availability. End-users should install Android security updates from Samsung Mobile, Google (for Pixel devices with Exynos variants), Vivo, and other OEMs using affected Exynos chipsets; these are typically distributed through monthly Android Security Bulletin updates. Enterprise deployments should verify baseband firmware versions through MDM tools and prioritize updates for devices used in sensitive locations where rogue base station attacks are plausible. No user-level workarounds exist (cellular connectivity cannot be selectively hardened), making vendor patches the sole mitigation. Monitor Samsung's semiconductor security portal and device OEM security bulletins for exact patched firmware build numbers.
EUVD-2025-209241