CVSS Vector (NVD)
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Description (NVD)
An issue was discovered in RRC in Samsung Mobile Processor, Wearable Processor, and Modem Exynos 980, 990, 850, 1080, 2100, 1280, 2200, 1330, 1380, 1480, 2400, 1580, 2500, 9110, W920, W930, W1000, Modem 5123, Modem 5300, and Modem 5400. Improper memory initialization results in an illegal memory access, causing a system crash via a malformed RRCReconfiguration message.
Analysis (AI)
A system crash in Samsung Exynos processors (980/990/850/1080/2100/1280/2200/1330/1380/1480/2400/1580/2500/9110, Wearable W920/W930/W1000, Modems 5123/5300/5400) lets unauthenticated remote attackers trigger a denial of service with a malformed RRCReconfiguration message that exploits improper memory initialization in the Radio Resource Control (RRC) layer. No public exploit identified at time of analysis. An EPSS score of 0.02% (5th percentile) indicates a very low probability of imminent exploitation despite the network-reachable attack surface and low complexity (CVSS 7.5, AV:N/AC:L/PR:N).
Technical Context (AI)
This vulnerability resides in the RRC (Radio Resource Control) protocol implementation within Samsung Exynos baseband processors and modems. RRC is a critical Layer 3 signaling protocol in cellular networks (LTE/5G) responsible for connection management, mobility, and radio bearer configuration. The flaw stems from CWE-20 (Improper Input Validation), specifically inadequate memory initialization when processing RRCReconfiguration messages from the network. When a malformed RRCReconfiguration message is received, uninitialized memory regions are accessed illegally, triggering undefined behavior that crashes the modem subsystem. The affected CPE strings indicate this impacts both mobile processors (flagship 2100/2200/2400/2500 series, mid-range 1080/1280/1380/1480/1580 series, entry-level 850/980/990) and standalone modem chipsets (5123/5300/5400), plus wearable processors (W920/W930/W1000). The vulnerability operates at the cellular baseband level, making it accessible from any device capable of transmitting cellular signaling messages on the same network cell.
Remediation (AI)
Apply firmware updates from Samsung Semiconductor as documented in the official security bulletin at https://semiconductor.samsung.com/support/quality-support/product-security-updates/cve-2025-57835/. End users should install over-the-air (OTA) system updates from their device manufacturer (Samsung Mobile, wearable OEMs) that incorporate patched Exynos firmware. Device manufacturers integrating affected Exynos chipsets should contact Samsung Semiconductor directly for updated baseband firmware packages. Enterprise mobile device management (MDM) administrators should enforce mandatory security updates for affected Galaxy devices in corporate fleets. No workarounds are available as this is a baseband-level vulnerability requiring vendor firmware remediation. Monitor Samsung's security update portal at https://semiconductor.samsung.com/support/quality-support/product-security-updates/ for release timelines and detailed patch distribution schedules per chipset model. Network operators may implement supplementary protections by validating RRC signaling message formats at base station level, though this is not a substitute for device-level patching.
EUVD-2025-209237
GHSA-r58x-6wq2-782p