What is the CVSS score of CVE-2025-54326?

CVE-2025-54326 has a CVSS 3.1 base score of 7.5 (High). CVSS vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H. EPSS exploitation probability: 0.1%.

Which versions of Exynos 1280 Firmware are affected by CVE-2025-54326?

This vulnerability affects Samsung devices with Exynos 1280 and 2200 processors, potentially causing camera functionality to crash and become unavailable.

How to fix or mitigate CVE-2025-54326?

Within 24 hours: Identify and inventory all Samsung devices using Exynos 1280/2200 processors in your environment. Within 7 days: Implement user awareness training on avoiding camera-triggering applications from untrusted sources and document baseline camera functionality. Within 30 days: Monitor Samsung security bulletins for patch availability and establish a rapid deployment process once released.

Exynos 1280 Firmware CVE-2025-54326

EUVD-2025-200998 HIGH

NULL Pointer Dereference (CWE-476)

2025-12-03 cve@mitre.org

Denial Of Service Null Pointer Dereference Samsung Exynos 1280 Firmware Exynos 2200 Firmware

7.5

CVSS 3.1

CVSS VectorNVD

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Attack Vector

Network

Attack Complexity

Low

Privileges Required

None

User Interaction

None

Scope

Unchanged

Confidentiality

None

Integrity

None

Availability

High

Lifecycle Timeline

EUVD ID Assigned

Mar 15, 2026 - 16:14 euvd

EUVD-2025-200998

Analysis Generated

Mar 15, 2026 - 16:14 vuln.today

CVE Published

Dec 03, 2025 - 17:15 nvd

HIGH 7.5

DescriptionNVD

An issue was discovered in Camera in Samsung Mobile Processor Exynos 1280 and 2200. Unnecessary registration of a hardware IP address in the Camera device driver can lead to a NULL pointer dereference, resulting in a denial of service.

Analysis

Technical ContextAI

A NULL pointer dereference occurs when the application attempts to use a pointer that has not been initialized or has been set to NULL.

RemediationAI

Add NULL checks before pointer dereference operations. Use static analysis to identify potential NULL pointer issues. Enable compiler warnings.

More from same product – last 7 days

CVE-2026-8915 HIGH This Week

8.8 May 28

Out-of-bounds write in Samsung's Escargot JavaScript engine allows attacker-supplied scripts to corrupt memory through t

CVE-2026-45956 Awaiting Data

May 27

In the Linux kernel, the following vulnerability has been resolved: drm/exynos: vidi: use priv->vidi_dev for ctx lookup

CVE-2026-45958 Awaiting Data

May 27

In the Linux kernel, the following vulnerability has been resolved: drm/exynos: vidi: fix to avoid directly dereferenci

CVE-2025-54326 vulnerability details – vuln.today

Back

Exynos 1280 Firmware CVE-2025-54326

CVSS VectorNVD

Lifecycle Timeline

DescriptionNVD

Analysis

Technical ContextAI

RemediationAI

More from same product – last 7 days

Share

External POC / Exploit Code