CVE-2025-57835

EUVD-2025-209237 | HIGH 7.5 (CVSS 3.1)

CVSS Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Attack Vector: Network
Attack Complexity: Low
Privileges Required: None
User Interaction: None
Scope: Unchanged
Confidentiality: None
Integrity: None
Availability: High

Lifecycle Timeline

Analysis Generated: Apr 06, 2026 - 18:22 (vuln.today)
EUVD ID Assigned: Apr 06, 2026 - 18:22 (euvd), EUVD-2025-209237
CVE Published: Apr 06, 2026 - 18:16 (nvd), HIGH 7.5

Description

An issue was discovered in RRC in Samsung Mobile Processor, Wearable Processor, and Modem Exynos 980, 990, 850, 1080, 2100, 1280, 2200, 1330, 1380, 1480, 2400, 1580, 2500, 9110, W920, W930, W1000, Modem 5123, Modem 5300, and Modem 5400. Improper memory initialization results in an illegal memory access, causing a system crash via a malformed RRCReconfiguration message.

Analysis

System crash in Samsung Exynos processors (980/990/850/1080/2100/1280/2200/1330/1380/1480/2400/1580/2500/9110, Wearable W920/W930/W1000, Modems 5123/5300/5400) allows unauthenticated remote attackers to trigger a denial of service via a malformed RRCReconfiguration message that exploits improper memory initialization in the Radio Resource Control (RRC) layer. No public exploit identified at time of analysis. An EPSS score of 0.02% (5th percentile) indicates a very low probability of imminent exploitation despite the network-reachable attack surface and low complexity (CVSS 7.5, AV:N/AC:L/PR:N).

Technical Context

This vulnerability resides in the RRC (Radio Resource Control) protocol implementation within Samsung Exynos baseband processors and modems. RRC is a critical Layer 3 signaling protocol in cellular networks (LTE/5G) responsible for connection management, mobility, and radio bearer configuration. The flaw stems from CWE-20 (Improper Input Validation), specifically inadequate memory initialization when processing RRCReconfiguration messages from the network. When a malformed RRCReconfiguration message is received, uninitialized memory regions are accessed illegally, triggering undefined behavior that crashes the modem subsystem. The affected CPE strings indicate this impacts both mobile processors (flagship 2100/2200/2400/2500 series, mid-range 1080/1280/1380/1480/1580 series, entry-level 850/980/990) and standalone modem chipsets (5123/5300/5400), plus wearable processors (W920/W930/W1000). The vulnerability operates at the cellular baseband level, making it accessible from any device capable of transmitting cellular signaling messages on the same network cell.

Affected Products

Samsung Exynos mobile processors across multiple generations: flagship series (Exynos 2500/2400/2200/2100), mid-range series (Exynos 1580/1480/1380/1330/1280/1080/990/980), and budget series (Exynos 850). Additionally affected are Samsung wearable processors (Exynos W1000, W930, W920) used in Galaxy Watch devices, standalone cellular modem chipsets (Exynos Modem 5400, 5300, 5123), and automotive/IoT processor Exynos 9110. All firmware versions are impacted per CPE data showing no version differentiation (cpe:2.3:o:samsung:exynos_*_firmware:-). These processors power hundreds of Samsung Galaxy smartphone models from 2019-2024 (A-series, S-series, Note-series), Galaxy Watch smartwatches, and third-party devices using Samsung modems. Vendor security advisory available at https://semiconductor.samsung.com/support/quality-support/product-security-updates/cve-2025-57835/.

Remediation

Apply firmware updates from Samsung Semiconductor as documented in the official security bulletin at https://semiconductor.samsung.com/support/quality-support/product-security-updates/cve-2025-57835/. End users should install over-the-air (OTA) system updates from their device manufacturer (Samsung Mobile, wearable OEMs) that incorporate patched Exynos firmware. Device manufacturers integrating affected Exynos chipsets should contact Samsung Semiconductor directly for updated baseband firmware packages. Enterprise mobile device management (MDM) administrators should enforce mandatory security updates for affected Galaxy devices in corporate fleets. No workarounds are available as this is a baseband-level vulnerability requiring vendor firmware remediation. Monitor Samsung's security update portal at https://semiconductor.samsung.com/support/quality-support/product-security-updates/ for release timelines and detailed patch distribution schedules per chipset model. Network operators may implement supplementary protections by validating RRC signaling message formats at base station level, though this is not a substitute for device-level patching.

Priority Score

38
KEV: 0
EPSS: +0.0
CVSS: +38
POC: 0
