Samsung CVE-2025-54602

EUVD-2025-209245 | HIGH
Race Condition (CWE-362)
2026-04-06 (mitre)
CVSS 3.1: 7.0
CVSS Vector (NVD)

CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H

Attack Vector: Local
Attack Complexity: High
Privileges Required: Low
User Interaction: None
Scope: Unchanged
Confidentiality: High
Integrity: High
Availability: High

Lifecycle Timeline (3)

EUVD ID Assigned: Apr 06, 2026 - 19:30 (euvd), EUVD-2025-209245
Analysis Generated: Apr 06, 2026 - 19:30 (vuln.today)
CVE Published: Apr 06, 2026 - 00:00 (nvd), HIGH 7.0

Description (NVD)

An issue was discovered in the Wi-Fi driver in Samsung Mobile Processor and Wearable Processor Exynos 980, 850, 1080, 1280, 1330, 1380, 1480, 1580, W920, W930, and W1000. Improper synchronization on a global variable leads to a use-after-free. An attacker can trigger a race condition by invoking an ioctl function concurrently from multiple threads.

Analysis (AI)

Use-after-free in Samsung Exynos Wi-Fi driver affects 11 mobile and wearable processor models via race condition triggered by concurrent ioctl calls. Local attackers with low privileges can exploit improper synchronization on a global variable to achieve high-impact compromise (confidentiality, integrity, availability). EPSS data not available; no confirmed active exploitation (not in CISA KEV); public exploit code status unknown. Attack complexity rated high (AC:H) due to race condition timing requirements, reducing immediate weaponization risk despite 7.0 CVSS score.

Technical Context (AI)

This vulnerability stems from CWE-362 (Concurrent Execution using Shared Resource with Improper Synchronization/Race Condition) in Samsung's proprietary Wi-Fi driver implementation for Exynos chipsets. The affected processors span mobile (Exynos 980, 850, 1080, 1280, 1330, 1380, 1480, 1580) and wearable (W920, W930, W1000) product lines. The flaw involves improper locking or synchronization mechanisms when multiple threads concurrently invoke ioctl system calls that manipulate a shared global variable in kernel space. This creates a time-of-check-time-of-use (TOCTOU) window where a pointer can be freed by one thread while still being referenced by another, resulting in a use-after-free condition. Successful exploitation requires precise timing to win the race, typical of kernel-level synchronization bugs in device drivers where performance optimization sometimes sacrifices thread safety.

Remediation (AI)

Samsung Semiconductor has published a security advisory acknowledging CVE-2025-54602 at https://semiconductor.samsung.com/support/quality-support/product-security-updates/cve-2025-54602/; its general product security updates page is at https://semiconductor.samsung.com/support/quality-support/product-security-updates/. Device manufacturers using affected Exynos processors should obtain updated chipset firmware from Samsung and integrate it into device firmware updates. End users should apply security patches distributed through their device manufacturer's update channels (typically Samsung Security Maintenance Release or SMR updates for Galaxy devices). Specific patched firmware versions are not detailed in the available references, so users should monitor their device manufacturer's security bulletins and apply all available system updates. No workarounds are documented; patching is the only effective mitigation. Enterprise mobility management teams should verify patch deployment across managed Samsung device fleets and consider restricting installation of untrusted applications on unpatched devices to minimize local attack surface.