Skip to main content

Samsung CVE-2025-54324

| EUVDEUVD-2025-209241 HIGH
Uncontrolled Resource Consumption (CWE-400)
2026-04-06 mitre
7.5
CVSS 3.1 · NVD
Share

Severity by source

NVD PRIMARY
7.5 HIGH
AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Primary rating from NVD · only source for this CVE.

CVSS VectorNVD

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Attack Vector
Network
Attack Complexity
Low
Privileges Required
None
User Interaction
None
Scope
Unchanged
Confidentiality
None
Integrity
None
Availability
High

Lifecycle Timeline

3
EUVD ID Assigned
Apr 06, 2026 - 19:00 euvd
EUVD-2025-209241
Analysis Generated
Apr 06, 2026 - 19:00 vuln.today
CVE Published
Apr 06, 2026 - 00:00 nvd
HIGH 7.5

DescriptionCVE.org

An issue was discovered in NAS in Samsung Mobile Processor, Wearable Processor, and Modem Exynos 980, 990, 850, 1080, 2100, 1280, 2200, 1330, 1380, 1480, 2400, 1580, 2500, 9110, W920, W930, W1000, Modem 5123, Modem 5300, and Modem 5400. Incorrect Handling of a DL NAS Transport packet leads to a Denial of Service.

AnalysisAI

Denial of service in Samsung Exynos chipsets' NAS (Non-Access Stratum) layer allows remote unauthenticated attackers to crash mobile devices via malformed Downlink NAS Transport packets. Affects 23+ Exynos processor and modem variants used in mobile phones, wearables, and cellular modems (980, 990, 850, 1080, 2100, 1280, 2200, 1330, 1380, 1480, 2400, 1580, 2500, 9110, W920, W930, W1000, Modem 5123, 5300, 5400). Despite CVSS 7.5, EPSS shows only 0.02% exploitation probability (5th percentile), and no public exploit or active exploitation confirmed at time of analysis.

Technical ContextAI

The vulnerability resides in the Non-Access Stratum (NAS) protocol implementation within Samsung Exynos chipsets' cellular baseband processors. NAS handles signaling between mobile devices and the core network (independent of the radio access technology), managing functions like authentication, mobility, and session management. The flaw (CWE-400: Uncontrolled Resource Consumption) stems from improper validation when processing Downlink NAS Transport messages from the network to the device. These messages carry upper-layer data encapsulated within NAS signaling. Incorrect handling-likely missing bounds checks, malformed TLV parsing, or unbounded resource allocation-allows specially crafted packets to exhaust resources or trigger crash conditions in the baseband firmware. This affects a broad range of Exynos mobile processors (flagship 2100/2200/2400/2500, mid-range 980/990/1080/1280/1380/1480/1580, entry-level 850, wearable W-series) and standalone modems (5123/5300/5400), spanning multiple device generations across smartphones, smartwatches, and IoT products.

RemediationAI

Apply firmware updates from device manufacturers incorporating Samsung's baseband security patch. Samsung Semiconductor has published advisory details at https://semiconductor.samsung.com/support/quality-support/product-security-updates/cve-2025-54324/ with chipset-level patch availability. End-users should install Android security updates from Samsung Mobile, Google (for Pixel devices with Exynos variants), Vivo, and other OEMs using affected Exynos chipsets-typically distributed through monthly Android Security Bulletin updates. Enterprise deployments should verify baseband firmware versions through MDM tools and prioritize updates for devices used in sensitive locations where rogue base station attacks are plausible. No user-level workarounds exist (cellular connectivity cannot be selectively hardened), making vendor patches the sole mitigation. Monitor Samsung's semiconductor security portal and device OEM security bulletins for exact patched firmware build numbers.

CVE-2024-7399 HIGH POC
8.8 Aug 12

Arbitrary file write as SYSTEM in Samsung MagicINFO 9 Server before version 21.1050 allows remote attackers to place att

CVE-2025-4632 CRITICAL POC
9.8 May 13

Samsung MagicINFO 9 Server contains a path traversal vulnerability allowing unauthenticated attackers to write arbitrary

CVE-2012-4333 CRITICAL POC
10.0 Aug 14

Multiple stack-based buffer overflows in the BackupToAvi method in the (1) UMS_Ctrl 1.5.1.1 and (2) UMS_Ctrl_STW 2.0.1.0

CVE-2017-16524 HIGH POC
8.8 Nov 06

Web Viewer 1.0.0.193 on Samsung SRN-1670D devices suffers from an Unrestricted file upload vulnerability: 'network_ssl_u

CVE-2015-8279 HIGH POC
8.6 Jan 15

Web Viewer 1.0.0.193 on Samsung SRN-1670D devices allows remote attackers to read arbitrary files via a request to an un

CVE-2017-17692 HIGH POC
7.5 Dec 21

Samsung Internet Browser 5.4.02.3 allows remote attackers to bypass the Same Origin Policy and obtain sensitive informat

CVE-2012-6429 CRITICAL POC
10.0 Apr 04

Buffer overflow in the PrepareSync method in the SyncService.dll ActiveX control in Samsung Kies before 2.5.1.12123_2_7

CVE-2012-4329 HIGH POC
7.8 Aug 14

The Samsung D6000 TV and possibly other products allow remote attackers to cause a denial of service (continuous restart

CVE-2012-4330 HIGH POC
7.8 Aug 14

The Samsung D6000 TV and possibly other products allows remote attackers to cause a denial of service (crash) via a long

CVE-2012-4334 CRITICAL POC
10.0 Aug 14

The ConnectDDNS method in the (1) STWConfigNVR 1.1.13.15 and (2) STWConfig 1.1.14.13 ActiveX controls in Samsung NET-i v

CVE-2015-5473 CRITICAL
9.8 Jun 01

Multiple directory traversal vulnerabilities in Samsung SyncThru 6 before 1.0 allow remote attackers to delete arbitrary

CVE-2012-4250 CRITICAL POC
9.3 Aug 13

Stack-based buffer overflow in the RequestScreenOptimization function in the XProcessControl.ocx ActiveX control in msls

Share

CVE-2025-54324 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy