Skip to main content

Severity by source

NVD PRIMARY
7.5 HIGH
AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Primary rating from NVD · only source for this CVE.

CVSS VectorNVD

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Attack Vector
Network
Attack Complexity
Low
Privileges Required
None
User Interaction
None
Scope
Unchanged
Confidentiality
None
Integrity
None
Availability
High

Lifecycle Timeline

3
EUVD ID Assigned
Apr 06, 2026 - 18:22 euvd
EUVD-2025-209237
Analysis Generated
Apr 06, 2026 - 18:22 vuln.today
CVE Published
Apr 06, 2026 - 18:16 nvd
HIGH 7.5

DescriptionCVE.org

An issue was discovered in RRC in Samsung Mobile Processor, Wearable Processor, and Modem Exynos 980, 990, 850, 1080, 2100, 1280, 2200, 1330, 1380, 1480, 2400, 1580, 2500, 9110, W920, W930, W1000, Modem 5123, Modem 5300, and Modem 5400. Improper memory initialization results in an illegal memory access, causing a system crash via a malformed RRCReconfiguration message.

AnalysisAI

System crash in Samsung Exynos processors (980/990/850/1080/2100/1280/2200/1330/1380/1480/2400/1580/2500/9110, Wearable W920/W930/W1000, Modems 5123/5300/5400) allows unauthenticated remote attackers to trigger denial-of-service via malformed RRCReconfiguration message exploiting improper memory initialization in the Radio Resource Control (RRC) layer. No public exploit identified at time of analysis. EPSS score of 0.02% (5th percentile) indicates very low probability of imminent exploitation despite network-reachable attack surface and low complexity (CVSS 7.5, AV:N/AC:L/PR:N).

Technical ContextAI

This vulnerability resides in the RRC (Radio Resource Control) protocol implementation within Samsung Exynos baseband processors and modems. RRC is a critical Layer 3 signaling protocol in cellular networks (LTE/5G) responsible for connection management, mobility, and radio bearer configuration. The flaw stems from CWE-20 (Improper Input Validation), specifically inadequate memory initialization when processing RRCReconfiguration messages from the network. When a malformed RRCReconfiguration message is received, uninitialized memory regions are accessed illegally, triggering undefined behavior that crashes the modem subsystem. The affected CPE strings indicate this impacts both mobile processors (flagship 2100/2200/2400/2500 series, mid-range 1080/1280/1380/1480/1580 series, entry-level 850/980/990) and standalone modem chipsets (5123/5300/5400), plus wearable processors (W920/W930/W1000). The vulnerability operates at the cellular baseband level, making it accessible from any device capable of transmitting cellular signaling messages on the same network cell.

RemediationAI

Apply firmware updates from Samsung Semiconductor as documented in the official security bulletin at https://semiconductor.samsung.com/support/quality-support/product-security-updates/cve-2025-57835/. End users should install over-the-air (OTA) system updates from their device manufacturer (Samsung Mobile, wearable OEMs) that incorporate patched Exynos firmware. Device manufacturers integrating affected Exynos chipsets should contact Samsung Semiconductor directly for updated baseband firmware packages. Enterprise mobile device management (MDM) administrators should enforce mandatory security updates for affected Galaxy devices in corporate fleets. No workarounds are available as this is a baseband-level vulnerability requiring vendor firmware remediation. Monitor Samsung's security update portal at https://semiconductor.samsung.com/support/quality-support/product-security-updates/ for release timelines and detailed patch distribution schedules per chipset model. Network operators may implement supplementary protections by validating RRC signaling message formats at base station level, though this is not a substitute for device-level patching.

CVE-2025-47202 CRITICAL
9.1 Jul 07

In RRC in Samsung Mobile Processor, Wearable Processor, and Modem Exynos 980, 990, 850, 1080, 2100, 1280, 2200, 1330, 13

CVE-2025-27807 CRITICAL
9.1 Jan 05

Samsung Exynos processors (multiple models including 980, 990, 2100, 2200, 2400) and modems have an out-of-bounds write

CVE-2025-23102 HIGH
8.8 Jun 03

Double-free vulnerability in Samsung's Exynos mobile processors (models 980, 990, 1080, 2100, 1280, 2200, 1380, 1480, an

CVE-2024-39890 HIGH
8.1 Dec 02

An issue was discovered in Samsung Mobile Processor, Wearable Processor, and Modem Exynos 9820, 9825, 980, 990, 850, 108

CVE-2024-44068 HIGH
8.1 Oct 07

An issue was discovered in the m2m scaler driver in Samsung Mobile Processor and Wearable Processor Exynos 9820, 9825, 9

CVE-2024-29153 HIGH
8.1 Jul 09

A vulnerability was discovered in Samsung Mobile Processor, Wearable Processor, and Modems with versions Exynos 9820, Ex

CVE-2025-23098 HIGH
7.8 Jun 03

Use-After-Free (UAF) vulnerability in Samsung's Exynos mobile processors (980, 990, 1080, 2100, 1280, 2200, 1380) that e

CVE-2024-52924 HIGH
7.5 Mar 06

An issue was discovered in NRMM in Samsung Mobile Processor, Wearable Processor, and Modem Exynos 9820, 9825, 980, 990,

CVE-2024-52923 HIGH
7.5 Mar 06

An issue was discovered in NRMM in Samsung Mobile Processor, Wearable Processor, and Modem Exynos 9820, 9825, 980, 990,

CVE-2025-43706 HIGH
7.5 Jan 05

An issue was discovered in L2 in Samsung Mobile Processor, Wearable Processor, and Modem Exynos 980, 990, 850, 1080, 240

CVE-2025-59439 HIGH
7.5 Feb 03

An issue was discovered in Samsung Mobile Processor, Wearable Processor and Modem Exynos 980, 990, 850, 1080, 9110, W920

CVE-2025-59440 HIGH
7.5 Apr 06

Denial of service in Samsung Exynos USIM firmware across mobile, wearable, and modem processors allows unauthenticated r

Share

CVE-2025-57835 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy